From d50c1e92ac789d8912f257350fe3861fce9d1095 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 6 Jun 2014 17:43:49 -0500 Subject: add rsa_generate_private_key function to replace RSAPrivateKey.generate refs #1026. #1101 is dependent on this --- cryptography/hazmat/primitives/asymmetric/rsa.py | 11 ++++++++ docs/hazmat/primitives/asymmetric/rsa.rst | 11 +++++++- tests/hazmat/primitives/test_rsa.py | 34 ++++++++++++------------ 3 files changed, 38 insertions(+), 18 deletions(-) diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index 481797fe..94f07902 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -21,6 +21,17 @@ from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces +def generate_rsa_private_key(public_exponent, key_size, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedAlgorithm( + "Backend object does not implement RSABackend.", + _Reasons.BACKEND_MISSING_INTERFACE + ) + + _verify_rsa_parameters(public_exponent, key_size) + return backend.generate_rsa_private_key(public_exponent, key_size) + + def _verify_rsa_parameters(public_exponent, key_size): if public_exponent < 3: raise ValueError("public_exponent must be >= 3.") diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 54839119..ff9b0a7b 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst 
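Review bot: The new public `generate_rsa_private_key` in rsa.py has no docstring, so the contract of this hazmat key-generation entry point is stated only in the .rst file. I would add `"""Generate an RSA private key using backend; raises UnsupportedAlgorithm if backend is not an RSABackend, and ValueError when _verify_rsa_parameters rejects public_exponent or key_size."""`. The docstring should also say that argument types are not checked in this function. The only validation visible here is the `public_exponent < 3` comparison in `_verify_rsa_parameters`, whose body continues outside the hunk, so whether non-integer arguments are rejected before they reach the backend cannot be confirmed from this diff.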
@@ -7,13 +7,22 @@ RSA `RSA`_ is a `public-key`_ algorithm for encrypting and signing messages. + +.. function:: generate_rsa_private_key(public_exponent, key_size, backend) + + .. versionadded:: 0.5 + + Generate a provider of + :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` + using ``backend``. + .. class:: RSAPrivateKey(p, q, private_exponent, dmp1, dmq1, iqmp, public_exponent, modulus) .. versionadded:: 0.2 An RSA private key is required for decryption and signing of messages. - You should use :meth:`~generate` to generate new keys. + You should use :func:`generate_rsa_private_key` to generate new keys. .. warning:: This method only checks a limited set of properties of its arguments. diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index a76c0ec2..730025eb 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py 
@@ -94,32 +94,32 @@ class TestRSA(object): ) ) def test_generate_rsa_keys(self, backend, public_exponent, key_size): - skey = rsa.RSAPrivateKey.generate(public_exponent, key_size, backend) + skey = rsa.generate_rsa_private_key(public_exponent, key_size, backend) _check_rsa_private_key(skey) assert skey.key_size == key_size assert skey.public_exponent == public_exponent def test_generate_bad_public_exponent(self, backend): with pytest.raises(ValueError): - rsa.RSAPrivateKey.generate(public_exponent=1, - key_size=2048, - backend=backend) + rsa.generate_rsa_private_key(public_exponent=1, + key_size=2048, + backend=backend) with pytest.raises(ValueError): - rsa.RSAPrivateKey.generate(public_exponent=4, - key_size=2048, - backend=backend) + rsa.generate_rsa_private_key(public_exponent=4, + key_size=2048, + backend=backend) def test_cant_generate_insecure_tiny_key(self, backend): with pytest.raises(ValueError): - rsa.RSAPrivateKey.generate(public_exponent=65537, - key_size=511, - backend=backend) + rsa.generate_rsa_private_key(public_exponent=65537, + key_size=511, + backend=backend) with pytest.raises(ValueError): - rsa.RSAPrivateKey.generate(public_exponent=65537, - key_size=256, - backend=backend) + rsa.generate_rsa_private_key(public_exponent=65537, + key_size=256, + backend=backend) @pytest.mark.parametrize( "pkcs1_example", @@ -377,7 +377,7 @@ def test_rsa_generate_invalid_backend(): pretend_backend = object() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) + rsa.generate_rsa_private_key(65537, 2048, pretend_backend) @pytest.mark.rsa 
@@ -963,7 +963,7 @@ class TestRSAVerification(object): def test_rsa_verifier_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) + private_key = rsa.generate_rsa_private_key(65537, 2048, backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): @@ -1454,7 +1454,7 @@ class TestRSADecryption(object): def test_rsa_decrypt_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) + private_key = rsa.generate_rsa_private_key(65537, 2048, backend) with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): private_key.decrypt( @@ -1633,7 +1633,7 @@ class TestRSAEncryption(object): def test_rsa_encrypt_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) + private_key = rsa.generate_rsa_private_key(65537, 512, backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): -- cgit v1.2.3 From 94973977da64fca479b1bfd034bcd78425224d2c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 6 Jun 2014 18:18:49 -0500 Subject: fix coverage --- tests/hazmat/primitives/test_rsa.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 730025eb..9efdfbb4 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py 
@@ -99,6 +99,12 @@ class TestRSA(object): assert skey.key_size == key_size assert skey.public_exponent == public_exponent + def test_generate_rsa_key_class_method(self, backend): + skey = rsa.RSAPrivateKey.generate(65537, 512, backend) + _check_rsa_private_key(skey) + assert skey.key_size == 512 + assert skey.public_exponent == 65537 + def test_generate_bad_public_exponent(self, backend): with pytest.raises(ValueError): rsa.generate_rsa_private_key(public_exponent=1, -- cgit v1.2.3 From c294c1d363dcf3feb227f45c2c31a51f623c70ae Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 6 Jun 2014 18:51:25 -0500 Subject: more coverage... --- tests/hazmat/primitives/test_rsa.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 9efdfbb4..31cb8163 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -385,6 +385,9 @@ def test_rsa_generate_invalid_backend(): with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): rsa.generate_rsa_private_key(65537, 2048, pretend_backend) + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) + @pytest.mark.rsa class TestRSASignature(object): -- cgit v1.2.3 From 433e2a78dbafb210ddec13131b66bbb369e57d6d Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 6 Jun 2014 22:29:05 -0500 Subject: add some missing docs --- docs/hazmat/primitives/asymmetric/rsa.rst | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index ff9b0a7b..2056b010 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst 
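Review bot: `test_generate_rsa_key_class_method`, added in the `@@ -99,6 +99,12 @@` hunk, covers only the success path of `rsa.RSAPrivateKey.generate`, while `test_generate_bad_public_exponent` and `test_cant_generate_insecure_tiny_key` were switched by the first commit to call only the new module-level function. The later `@@ -385,6 +385,9 @@` hunk restores the invalid-backend check for the classmethod, but nothing visible asserts that it still rejects a bad exponent or an undersized key. If the classmethod does not simply delegate to the new function (not visible in these hunks), its parameter validation could regress unnoticed. A case such as `with pytest.raises(ValueError): rsa.RSAPrivateKey.generate(public_exponent=65537, key_size=511, backend=backend)` would pin it. A short comment that 512 bits is the accepted minimum, presumably used here for test speed, would also help readers.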
@@ -12,9 +12,24 @@ RSA .. versionadded:: 0.5 - Generate a provider of - :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` - using ``backend``. + Generate an RSA private key using the provided ``backend``. + + :param int public_exponent: The public exponent of the new key. + Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in + doubt you should `use 65537`_. + :param int key_size: The length of the modulus in bits. For keys + generated in 2014 it is strongly recommended to be + `at least 2048`_ (See page 41). It must not be less than 512. + Some backends may have additional limitations. + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + :return: A :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` + provider. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if + the provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` .. class:: RSAPrivateKey(p, q, private_exponent, dmp1, dmq1, iqmp, public_exponent, modulus) -- cgit v1.2.3 From 040e1607db6601e510e178e7545b8b079bbc890b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 7 Jun 2014 00:03:24 -0500 Subject: rename the function --- cryptography/hazmat/primitives/asymmetric/rsa.py | 2 +- tests/hazmat/primitives/test_rsa.py | 34 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index 94f07902..b256ddcc 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py 
@@ -21,7 +21,7 @@ from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces -def generate_rsa_private_key(public_exponent, key_size, backend): +def generate_private_key(public_exponent, key_size, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( "Backend object does not implement RSABackend.", diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 31cb8163..4f917d66 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -94,7 +94,7 @@ class TestRSA(object): ) ) def test_generate_rsa_keys(self, backend, public_exponent, key_size): - skey = rsa.generate_rsa_private_key(public_exponent, key_size, backend) + skey = rsa.generate_private_key(public_exponent, key_size, backend) _check_rsa_private_key(skey) assert skey.key_size == key_size assert skey.public_exponent == public_exponent @@ -107,25 +107,25 @@ class TestRSA(object): def test_generate_bad_public_exponent(self, backend): with pytest.raises(ValueError): - rsa.generate_rsa_private_key(public_exponent=1, - key_size=2048, - backend=backend) + rsa.generate_private_key(public_exponent=1, + key_size=2048, + backend=backend) with pytest.raises(ValueError): - rsa.generate_rsa_private_key(public_exponent=4, - key_size=2048, - backend=backend) + rsa.generate_private_key(public_exponent=4, + key_size=2048, + backend=backend) def test_cant_generate_insecure_tiny_key(self, backend): with pytest.raises(ValueError): - rsa.generate_rsa_private_key(public_exponent=65537, - key_size=511, - backend=backend) + rsa.generate_private_key(public_exponent=65537, + key_size=511, + backend=backend) with pytest.raises(ValueError): - rsa.generate_rsa_private_key(public_exponent=65537, - key_size=256, - backend=backend) + rsa.generate_private_key(public_exponent=65537, + key_size=256, + backend=backend) @pytest.mark.parametrize( "pkcs1_example", 
@@ -383,7 +383,7 @@ def test_rsa_generate_invalid_backend(): pretend_backend = object() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): - rsa.generate_rsa_private_key(65537, 2048, pretend_backend) + rsa.generate_private_key(65537, 2048, pretend_backend) with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) @@ -972,7 +972,7 @@ class TestRSAVerification(object): def test_rsa_verifier_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.generate_rsa_private_key(65537, 2048, backend) + private_key = rsa.generate_private_key(65537, 2048, backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): @@ -1463,7 +1463,7 @@ class TestRSADecryption(object): def test_rsa_decrypt_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.generate_rsa_private_key(65537, 2048, backend) + private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): private_key.decrypt( @@ -1642,7 +1642,7 @@ class TestRSAEncryption(object): def test_rsa_encrypt_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.generate_rsa_private_key(65537, 512, backend) + private_key = rsa.RSAPrivateKey.generate(65537, 512, backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): -- cgit v1.2.3 From 9412e28901e10bab7a458d5835b4557b67be3fb1 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 7 Jun 2014 13:18:59 -0500 Subject: rename the docs too. --- docs/hazmat/primitives/asymmetric/rsa.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 2056b010..71b7cd9c 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst 
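Review bot: In the `@@ -1463,7 +1463,7 @@` and `@@ -1642,7 +1642,7 @@` hunks the key setup changes from `rsa.generate_rsa_private_key(...)` to `rsa.RSAPrivateKey.generate(...)`, the classmethod this series is replacing, while every other call site in the commit is renamed to `rsa.generate_private_key`. The commit message says only "rename the function", so this looks unintended; if it is deliberate, for example to keep the legacy path covered, a comment should say so. Otherwise use `private_key = rsa.generate_private_key(65537, 2048, backend)` in the decrypt test and `private_key = rsa.generate_private_key(65537, 512, backend)` in the encrypt test. Both test bodies continue outside their hunks.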
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -8,7 +8,7 @@ RSA `RSA`_ is a `public-key`_ algorithm for encrypting and signing messages. -.. function:: generate_rsa_private_key(public_exponent, key_size, backend) +.. function:: generate_private_key(public_exponent, key_size, backend) .. versionadded:: 0.5 @@ -37,7 +37,7 @@ RSA An RSA private key is required for decryption and signing of messages. - You should use :func:`generate_rsa_private_key` to generate new keys. + You should use :func:`generate_private_key` to generate new keys. .. warning:: This method only checks a limited set of properties of its arguments. -- cgit v1.2.3