commit 5d17ab3b354fe96e94689ad012163f42cc598a27
author Alex Stapleton <alexs@prol.etari.at> Wed Feb 05 19:47:00 2014 +0000
committer Alex Stapleton <alexs@prol.etari.at> Wed Feb 05 19:51:27 2014 +0000
tree 6a6f64e20e39b78dd3be973ac3d24fdfe15ee643
parent 52026b85c3df15476d38f308cee59a29a9b43195

Sanity check keys.

Taken from RFC 3447.

cryptography/hazmat/primitives/asymmetric/rsa.py

diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index aa24aee..c5fecbc 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -35,6 +35,12 @@
         ):
             raise TypeError("RSAPublicKey arguments must be integers")
 
+        if modulus < 3:
+            raise ValueError("modulus must be >= 3")
+
+        if public_exponent < 3 or public_exponent >= modulus:
+            raise ValueError("public_exponent must be >= 3 and < modulus")
+
         self._public_exponent = public_exponent
         self._modulus = modulus
 
@@ -71,6 +77,15 @@
         ):
             raise TypeError("RSAPrivateKey arguments must be integers")
 
+        if modulus < 3:
+            raise ValueError("modulus must be >= 3")
+
+        if private_exponent >= modulus:
+            raise ValueError("private_exponent must be < modulus")
+
+        if public_exponent < 3 or public_exponent >= modulus:
+            raise ValueError("public_exponent must be >= 3 and < modulus")
+
         self._p = p
         self._q = q
         self._private_exponent = private_exponent

tests/hazmat/primitives/test_rsa.py

diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index e50417b..c725c5f 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -50,9 +50,43 @@
         assert skey.key_size == pkey.key_size
         assert skey.key_size == pkey2.key_size
 
-    def test_invalid_arguments(self):
+    def test_invalid_argument_types(self):
         with pytest.raises(TypeError):
             rsa.RSAPrivateKey(None, None, None, None, None)
 
         with pytest.raises(TypeError):
             rsa.RSAPublicKey(None, None)
+
+    def test_invalid_argument_values(self):
+        # tiny example key
+        rsa.RSAPrivateKey(3, 5, 14, 8, 15)
+
+        # modulus too small
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(3, 5, 14, 8, 2)
+
+        # private exp too high
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(3, 5, 16, 8, 15)
+
+        # public exp too low
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(3, 5, 14, 2, 15)
+
+        # public exp too high
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(3, 5, 14, 16, 15)
+
+        rsa.RSAPublicKey(8, 15)
+
+        # modulus too small
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(8, 2)
+
+        # public exp too low
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(2, 15)
+
+        # public exp too high
+        with pytest.raises(ValueError):
+            rsa.RSAPublicKey(16, 15)