From 4eaab17b738963335c76cfafafee44fef8203dee Mon Sep 17 00:00:00 2001
From: Alex Stapleton <alexs@prol.etari.at>
Date: Thu, 6 Feb 2014 21:06:18 +0000
Subject: More sanity checks

---
 cryptography/hazmat/primitives/asymmetric/rsa.py |  9 +++++++++
 docs/hazmat/primitives/rsa.rst                   |  6 +++---
 tests/hazmat/primitives/test_rsa.py              | 12 ++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py
index 3dd88e91..9124757a 100644
--- a/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -82,12 +82,21 @@ class RSAPrivateKey(object):
         if modulus < 3:
             raise ValueError("modulus must be >= 3")
 
+        if p >= modulus:
+            raise ValueError("p must be < modulus")
+
+        if q >= modulus:
+            raise ValueError("q must be < modulus")
+
         if private_exponent >= modulus:
             raise ValueError("private_exponent must be < modulus")
 
         if public_exponent < 3 or public_exponent >= modulus:
             raise ValueError("public_exponent must be >= 3 and < modulus")
 
+        if p * q != modulus:
+            raise ValueError("p*q must equal modulus")
+
         self._p = p
         self._q = q
         self._private_exponent = private_exponent
diff --git a/docs/hazmat/primitives/rsa.rst b/docs/hazmat/primitives/rsa.rst
index f79b9300..3c509cf9 100644
--- a/docs/hazmat/primitives/rsa.rst
+++ b/docs/hazmat/primitives/rsa.rst
@@ -22,9 +22,9 @@ RSA
 
     :raises TypeError: This is raised when the arguments are not all integers. 
 
-    :raises ValueError: This is raised when the values of `private_exponent`,
-                        `public_exponent` or `modulus` do not match the bounds
-                        specified in `RFC 3447`_
+    :raises ValueError: This is raised when the values of `p`, `q`,
+                        `private_exponent`, `public_exponent` or `modulus` do 
+                        not match the bounds specified in `RFC 3447`_.
 
 .. class:: RSAPublicKey(public_exponent, modulus)
     
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 5b1b3658..35207c11 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -72,6 +72,18 @@ class TestRSA(object):
         with pytest.raises(ValueError):
             rsa.RSAPrivateKey(3, 5, 14, 8, 2)
 
+        # modulus wrong
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(3, 5, 14, 8, 16)
+
+        # p too high
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(16, 5, 14, 8, 15)
+
+        # q too high
+        with pytest.raises(ValueError):
+            rsa.RSAPrivateKey(3, 16, 14, 8, 15)
+
         # private exp too high
         with pytest.raises(ValueError):
             rsa.RSAPrivateKey(3, 5, 16, 8, 15)
-- 
cgit v1.2.3