Skip to content

To be able to verify that keys are of a certain length/size. #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 19, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion src/cryptojwt/jwk/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ def serialize(self, private=False):

def get_key(self, private=False, **kwargs):
"""
Get a keys useful for signing and/or encrypting information.
Get a key useful for signing and/or encrypting information.

:param private: Private key requested. If false return a public key.
:return: A key instance. This can be an RSA, EC or other
Expand Down Expand Up @@ -290,6 +290,9 @@ def appropriate_for(self, usage, **kwargs):
def update(self):
pass

def key_len(self):
raise NotImplemented


def pems_to_x5c(cert_chain):
"""
Expand Down
10 changes: 10 additions & 0 deletions src/cryptojwt/jwk/ec.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec

from cryptojwt.exception import KeyNotFound

from ..exception import DeSerializationNotPossible
from ..exception import JWKESTException
from ..exception import UnsupportedECurve
Expand Down Expand Up @@ -254,6 +256,14 @@ def __eq__(self, other):

return False

def key_len(self):
if self.priv_key:
return self.priv_key.key_size
elif self.pub_key:
return self.pub_key.key_size
else:
raise KeyNotFound


def cmp_keys(a, b, key_type):
if isinstance(a, key_type):
Expand Down
8 changes: 8 additions & 0 deletions src/cryptojwt/jwk/hmac.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
import logging
import os

from cryptojwt.exception import KeyNotFound

from ..exception import JWKException
from ..exception import UnsupportedAlgorithm
from ..exception import WrongUsage
Expand Down Expand Up @@ -149,6 +151,12 @@ def __eq__(self, other):

return True

def key_len(self):
if self.key:
return len(self.key)
else:
raise KeyNotFound


def new_sym_key(use="", bytes=24, kid=""):
_key = SYMKey(use=use, kid=kid, key=as_unicode(os.urandom(bytes)))
Expand Down
10 changes: 10 additions & 0 deletions src/cryptojwt/jwk/rsa.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

from cryptojwt.exception import KeyNotFound

from ..exception import DeSerializationNotPossible
from ..exception import JWKESTException
from ..exception import SerializationNotPossible
Expand Down Expand Up @@ -470,6 +472,14 @@ def __eq__(self, other):
else:
return cmp_private_numbers(pn1, pn2)

def key_len(self):
if self.priv_key:
return self.priv_key.key_size
elif self.pub_key:
return self.pub_key.key_size
else:
raise KeyNotFound


def new_rsa_key(key_size=2048, kid="", public_exponent=65537, **kwargs):
"""
Expand Down
10 changes: 10 additions & 0 deletions tests/test_02_jwk.py
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,12 @@ def test_dumps():
assert _eq(list(jwk.keys()), ["kty", "e", "n", "kid"])


def test_key_size():
_ckey = import_rsa_key_from_cert_file(CERT)
jwk = jwk_wrap(_ckey)
assert jwk.key_len() == 1024


def test_import_rsa_key():
_ckey = import_private_rsa_key_from_file(full_path(KEY))
assert isinstance(_ckey, rsa.RSAPrivateKey)
Expand Down Expand Up @@ -163,6 +169,7 @@ def test_verify_2():
_key = RSAKey()
_key.load_key(import_rsa_key_from_cert_file(CERT))
assert _key.verify()
assert _key.key_len() == 1024 # default


def test_cmp_rsa():
Expand All @@ -188,11 +195,13 @@ def test_import_export_eckey():
_key = ECKey(**ECKEY)
_key.deserialize()
assert _eq(list(_key.keys()), ["y", "x", "d", "crv", "kty"])
assert _key.key_len() == 521


def test_new_ec_key():
ec_key = new_ec_key("P-256")
assert isinstance(ec_key, ECKey)
assert ec_key.key_len() == 256


def test_create_eckey():
Expand Down Expand Up @@ -622,6 +631,7 @@ def test_mint_new_sym_key():
assert key.use == "sig"
assert key.kid == "one"
assert len(key.key) == 24
assert key.key_len() == 24


def test_dump_load():
Expand Down