Add more robust parameter and key processing for DH, DSA, and RSA#14992
Add more robust parameter and key processing for DH, DSA, and RSA#14992sjudson wants to merge 3 commits into
Conversation
…sistent with the existing test suite.
alex
left a comment
alex
left a comment
There was a problem hiding this comment.
All the new vectors need to be documented in test-vectors.rst -- please split those out into their own PR.
For ease of review, I think it'd be best to split the actual changes into one PR per algorithm.
| } | ||
|
|
||
| pub(crate) fn private_key_from_pkey( | ||
| _py: pyo3::Python<'_>, |
There was a problem hiding this comment.
If we don't need this arg, we can just drop it.
| let numbers = key.public_numbers(py)?; | ||
| check_public_key_components(numbers.e.bind(py), numbers.n.bind(py))?; |
There was a problem hiding this comment.
Hmm, ideally we wouldn't have to round trip via the public numbers to create a public key... is there some way to structure this to avoid that?
There was a problem hiding this comment.
@alex thoughts on this alternative? Modifies the existing check to work on bignums as well.
There was a problem hiding this comment.
I'll leave this as the RSA PR btw, and split out the DH and DSA and vectors as requested
sjudson
force-pushed
the
sj/robust-processing
branch
from
85717cf to
2c0c828
Compare
2 participants
This PR adds more robust parameter processing for DH and key processing for DSA and RSA. In particular:
e != 1) are added to the PEM and DER load paths, alongside where they were already used for direct constructions; andcheck_dsa_public_numbers, is added to verify that for DSA the publicyvalue both1 < y < pandy ** q mod p = 1, as keys failing validation may be weak to forgery.A new batch of appropriate tests are also added, including invalid test keys.