Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

limbo: add RSA key size tests #184

Merged
merged 2 commits into from
Jan 31, 2024
Merged

limbo: add RSA key size tests #184

merged 2 commits into from
Jan 31, 2024

Conversation

woodruffw
Copy link
Collaborator

This adds two RSA key tests: one for small RSA keys (forbidden under CABF), and one for keys that aren't divisible by 8 (forbidden under CABF, but universally ignored).

@woodruffw
limbo: add RSA key size tests
ff5ef42 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw requested a review from alex January 30, 2024 23:46
@woodruffw woodruffw self-assigned this Jan 30, 2024
@woodruffw woodruffw mentioned this pull request Jan 30, 2024
Merged
alex
alex reviewed Jan 30, 2024
View reviewed changes
limbo/testcases/webpki/__init__.py Outdated
below the security margin (2048) required under CABF 6.1.5.
"""

root_key = rsa.generate_private_key(65537, 1024)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

strongly suggest making these kwargs for readability

@woodruffw
kwargs
dfaef28 
Signed-off-by: William Woodruff <william@trailofbits.com>
@alex
Copy link
Collaborator

alex commented Jan 30, 2024

Right now these are tests of the EE key size, which are not used in validation. Should there be, in either in addition or instead of, tests for weak keys that are used to validate signatures?

@woodruffw
Copy link
Collaborator Author

Right now these are tests of the EE key size, which are not used in validation. Should there be, in either in addition or instead of, tests for weak keys that are used to validate signatures?

I think you got this flipped (unless I completely mis-wrote these): the current tests are for weak RSA keys on certificate signatures, but I need to add some more tests for weak RSA keys in EE certs.

@alex
Copy link
Collaborator

alex commented Jan 30, 2024

yup, total brain fart.

weak keys in EE are a bit different and should be handled in a seperate PR

@woodruffw woodruffw merged commit 481b5d5 into main Jan 31, 2024
6 checks passed
@woodruffw woodruffw deleted the ww/rsa-keys branch January 31, 2024 00:00
@woodruffw woodruffw mentioned this pull request Jan 31, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alex alex alex approved these changes

Assignees

@woodruffw woodruffw

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@woodruffw @alex