def test_decode_tiny_rsa_keypair(self):
'''
An unreasonably small RSA key is rejected ("unreasonably small"
means less that 2048 bits)
'''
with self.assertRaises(ValueError):
rsa.create_signing_keypair_from_string(self.RSA_TINY_PRIV_KEY)
def test_decode_huge_rsa_keypair(self):
'''
An unreasonably _large_ RSA key is rejected ("unreasonably large"
means 32768 or more bits)
'''
with self.assertRaises(ValueError):
rsa.create_signing_keypair_from_string(self.RSA_HUGE_PRIV_KEY)
def test_keys(self):
"""
test that two instances of 'the same' key sign and verify data
in the same way
"""
priv_key, pub_key = rsa.create_signing_keypair(2048)
priv_key_str = rsa.der_string_from_signing_key(priv_key)
self.assertIsInstance(priv_key_str, native_bytes)
priv_key2, pub_key2 = rsa.create_signing_keypair_from_string(
priv_key_str)
# instead of asking "are these two keys equal", we can instead
# test their function: can the second key verify a signature
# produced by the first (and FAIL a signature with different
# data)
data_to_sign = b"test data"
sig0 = rsa.sign_data(priv_key, data_to_sign)
rsa.verify_signature(pub_key2, sig0, data_to_sign)
# ..and the other way
sig1 = rsa.sign_data(priv_key2, data_to_sign)
rsa.verify_signature(pub_key, sig1, data_to_sign)
# ..and a failed way
with self.assertRaises(rsa.BadSignature):
rsa.verify_signature(pub_key, sig1, data_to_sign + b"more")
def test_decode_rsa_keypair(self):
'''
This simply checks that keys and signatures generated using the old code are still valid
using the new code.
'''
priv_key, pub_key = rsa.create_signing_keypair_from_string(
self.RSA_2048_PRIV_KEY)
rsa.verify_signature(pub_key, self.RSA_2048_SIG, b'test')
def _try_to_validate_privkey(self, enc_privkey, reader, server):
alleged_privkey_s = self._node._decrypt_privkey(enc_privkey)
alleged_writekey = hashutil.ssk_writekey_hash(alleged_privkey_s)
if alleged_writekey != self._node.get_writekey():
self.log("invalid privkey from %s shnum %d" %
(reader, reader.shnum),
level=log.WEIRD,
umid="YIw4tA")
if self._verify:
self.servermap.mark_bad_share(server, reader.shnum,
self.verinfo[-2])
e = CorruptShareError(server, reader.shnum, "invalid privkey")
f = failure.Failure(e)
self._bad_shares.add((server, reader.shnum, f))
return
# it's good
self.log("got valid privkey from shnum %d on reader %s" %
(reader.shnum, reader))
privkey, _ = rsa.create_signing_keypair_from_string(alleged_privkey_s)
self._node._populate_encprivkey(enc_privkey)
self._node._populate_privkey(privkey)
self._need_privkey = False