diff options
| -rw-r--r-- | cryptography/hazmat/primitives/asymmetric/rsa.py | 9 | ||||
| -rw-r--r-- | docs/hazmat/primitives/rsa.rst | 6 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 12 |
3 files changed, 24 insertions, 3 deletions
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index 3dd88e91..9124757a 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -82,12 +82,21 @@ class RSAPrivateKey(object): if modulus < 3: raise ValueError("modulus must be >= 3") + if p >= modulus: + raise ValueError("p must be < modulus") + + if q >= modulus: + raise ValueError("q must be < modulus") + if private_exponent >= modulus: raise ValueError("private_exponent must be < modulus") if public_exponent < 3 or public_exponent >= modulus: raise ValueError("public_exponent must be >= 3 and < modulus") + if p * q != modulus: + raise ValueError("p*q must equal modulus") + self._p = p self._q = q self._private_exponent = private_exponent diff --git a/docs/hazmat/primitives/rsa.rst b/docs/hazmat/primitives/rsa.rst index f79b9300..3c509cf9 100644 --- a/docs/hazmat/primitives/rsa.rst +++ b/docs/hazmat/primitives/rsa.rst @@ -22,9 +22,9 @@ RSA :raises TypeError: This is raised when the arguments are not all integers. - :raises ValueError: This is raised when the values of `private_exponent`, - `public_exponent` or `modulus` do not match the bounds - specified in `RFC 3447`_ + :raises ValueError: This is raised when the values of `p`, `q`, + `private_exponent`, `public_exponent` or `modulus` do + not match the bounds specified in `RFC 3447`_. .. class:: RSAPublicKey(public_exponent, modulus) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 5b1b3658..35207c11 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -72,6 +72,18 @@ class TestRSA(object): with pytest.raises(ValueError): rsa.RSAPrivateKey(3, 5, 14, 8, 2) + # modulus wrong + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 8, 16) + + # p too high + with pytest.raises(ValueError): + rsa.RSAPrivateKey(16, 5, 14, 8, 15) + + # q too high + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 16, 14, 8, 15) + # private exp too high with pytest.raises(ValueError): rsa.RSAPrivateKey(3, 5, 16, 8, 15) |