Replace RSA-512 test keys with RSA-2048 (#1281)
RSA-512 was factored in 1999. Since none of these tests are specific to
the size of the RSA key, best to test inputs that are representative of
real-world inputs, lest the underlying cryptography library start
enforcing post-1999 security levels.
davidben committed Jan 10, 2024
1 parent 8219562 commit 920fa96
Showing 1 changed file with 12 additions and 12 deletions.
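--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -770,7 +770,7 @@ def x509_data():
 """
 # Basic setup stuff to generate a certificate
 pkey = PKey()
-pkey.generate_key(TYPE_RSA, 512)
+pkey.generate_key(TYPE_RSA, 2048)
 req = X509Req()
 req.set_pubkey(pkey)
 # Authority good you have.
@@ -1123,7 +1123,7 @@ def test_rsa_generation(self):
 `PKey.generate_key` generates an RSA key when passed `TYPE_RSA` as a
 type and a reasonable number of bits.
 """
-bits = 512
+bits = 2048
 key = PKey()
 key.generate_key(TYPE_RSA, bits)
 assert key.type() == TYPE_RSA
@@ -1152,7 +1152,7 @@ def test_regeneration(self):
 generate new keys.
 """
 key = PKey()
-for type, bits in [(TYPE_RSA, 512), (TYPE_DSA, 576)]:
+for type, bits in [(TYPE_RSA, 2048), (TYPE_DSA, 576)]:
 key.generate_key(type, bits)
 assert key.type() == type
 assert key.bits() == bits
@@ -1173,7 +1173,7 @@ def test_check_public_key(self):
 """
 # A trick to get a public-only key
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 cert = X509()
 cert.set_pubkey(key)
 pub = cert.get_pubkey()
@@ -1487,7 +1487,7 @@ def test_sign_with_public_key(self):
 """
 request = self.signable()
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 request.set_pubkey(key)
 pub = request.get_pubkey()
 with pytest.raises(ValueError):
@@ -1500,7 +1500,7 @@ def test_sign_with_unknown_digest(self):
 """
 request = self.signable()
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 with pytest.raises(ValueError):
 request.sign(key, BAD_DIGEST)
 
@@ -1512,7 +1512,7 @@ def test_sign(self):
 """
 request = self.signable()
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 request.set_pubkey(key)
 request.sign(key, GOOD_DIGEST)
 # If the type has a verify method, cover that too.
@@ -1521,7 +1521,7 @@ def test_sign(self):
 assert request.verify(pub)
 # Make another key that won't verify.
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 with pytest.raises(Error):
 request.verify(key)
 
@@ -2773,7 +2773,7 @@ def test_dump_privatekey_wrong_args(self):
 argument but no `passphrase` argument.
 """
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 with pytest.raises(TypeError):
 dump_privatekey(FILETYPE_PEM, key, cipher=GOOD_CIPHER)
 
@@ -2797,7 +2797,7 @@ def test_dump_privatekey_unknown_cipher(self):
 cipher name.
 """
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 with pytest.raises(ValueError):
 dump_privatekey(FILETYPE_PEM, key, BAD_CIPHER, "passphrase")
 
@@ -2807,7 +2807,7 @@ def test_dump_privatekey_invalid_passphrase_type(self):
 is neither a `str` nor a callable.
 """
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 with pytest.raises(TypeError):
 dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, object())
 
@@ -2817,7 +2817,7 @@ def test_dump_privatekey_invalid_filetype(self):
 filetype.
 """
 key = PKey()
-key.generate_key(TYPE_RSA, 512)
+key.generate_key(TYPE_RSA, 2048)
 with pytest.raises(ValueError):
 dump_privatekey(100, key)
 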
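Review bot: In the `test_regeneration` hunk the loop still generates a 576-bit DSA key, `(TYPE_DSA, 576)`, which is as far below current minimum sizes as RSA-512 was, so the failure mode the commit message anticipates (the underlying library refusing weak parameters) would still hit this test. The visible assertions only compare `key.type()` and `key.bits()` with the requested values, so a representative size should work, e.g. `for type, bits in [(TYPE_RSA, 2048), (TYPE_DSA, 2048)]:`; the test body continues past the hunk, so confirm nothing later depends on 576. A short comment on the list such as `# sizes chosen to match real-world keys, not for speed` would also keep someone from shrinking them again to save test time.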
