From 2f7f5e9691d8c61e042b4a7e6762c5982984fdca Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 27 May 2014 08:07:31 -0500
Subject: add RSA private key generation restrictions to primitive layer

---
 tests/hazmat/backends/test_openssl.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'tests/hazmat/backends/test_openssl.py')

diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 0ccf7286..bfcdf14a 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -277,6 +277,22 @@ class TestOpenSSLRSA(object):
         assert backend.generate_rsa_parameters_supported(3, 1024) is True
         assert backend.generate_rsa_parameters_supported(3, 511) is False
 
+    def test_generate_bad_public_exponent(self):
+        with pytest.raises(ValueError):
+            backend.generate_rsa_private_key(public_exponent=1, key_size=2048)
+
+        with pytest.raises(ValueError):
+            backend.generate_rsa_private_key(public_exponent=4, key_size=2048)
+
+    def test_cant_generate_insecure_tiny_key(self):
+        with pytest.raises(ValueError):
+            backend.generate_rsa_private_key(public_exponent=65537,
+                                             key_size=511)
+
+        with pytest.raises(ValueError):
+            backend.generate_rsa_private_key(public_exponent=65537,
+                                             key_size=256)
+
     @pytest.mark.skipif(
         backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000100f,
         reason="Requires an older OpenSSL. Must be < 1.0.1"
-- 
cgit v1.2.3