rspec/rules/S4426/python/rule.adoc

When generating cryptographic keys (or key pairs), it is important to use strong parameters. Key length, for instance, should provides enough entropy against brute-force attacks. 

* For <code>RSA</code> and <code>DSA</code> algorithms key size should be at least 2048 bits long
* For <code>ECC</code> (elliptic curve cryptography) algorithms key size should be at least 224 bits long
* For <code>RSA</code> public key exponent should be at least 65537.

This rule raises an issue when an <code>RSA</code>, <code>DSA</code> or <code>ECC</code> key-pair generator is initialized using weak parameters. 
It supports the following libraries:
* https://github.com/pyca/cryptography[cryptography]
* https://github.com/dlitz/pycrypto[PyCrypto]
* https://github.com/Legrandin/pycryptodome[Cryptodome]

== Noncompliant Code Example

----
from cryptography.hazmat.primitives.asymmetric import rsa, ec, dsa

dsa.generate_private_key(key_size=1024, backend=backend) # Noncompliant
rsa.generate_private_key(public_exponent=999, key_size=2048, backend=backend) # Noncompliant
ec.generate_private_key(curve=ec.SECT163R2, backend=backend)  # Noncompliant
----

== Compliant Solution

----
from cryptography.hazmat.primitives.asymmetric import rsa, ec, dsa

dsa.generate_private_key(key_size=2048, backend=backend) # Compliant
rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=backend) # Compliant
ec.generate_private_key(curve=ec.SECT409R1, backend=backend) # Compliant
----

== See

* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A9] - Security Misconfiguration
* https://www.ssi.gouv.fr/uploads/2014/11/RGS_v-2-0_B1.pdf[ANSSI RGSv2] - Référentiel Général de Sécurité version 2
* https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf[NIST FIPS 186-4] - Digital Signature Standard (DSS)
* http://cwe.mitre.org/data/definitions/326.html[MITRE, CWE-326] - Inadequate Encryption Strength
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`When generating cryptographic keys (or key pairs), it is important to use strong parameters. Key length, for instance, should provides enough entropy against brute-force attacks.`

			`* For <code>RSA</code> and <code>DSA</code> algorithms key size should be at least 2048 bits long`
			`* For <code>ECC</code> (elliptic curve cryptography) algorithms key size should be at least 224 bits long`
			`* For <code>RSA</code> public key exponent should be at least 65537.`

			`This rule raises an issue when an <code>RSA</code>, <code>DSA</code> or <code>ECC</code> key-pair generator is initialized using weak parameters.`
			`It supports the following libraries:`
			`* https://github.com/pyca/cryptography[cryptography]`
			`* https://github.com/dlitz/pycrypto[PyCrypto]`
			`* https://github.com/Legrandin/pycryptodome[Cryptodome]`

			`== Noncompliant Code Example`

			`----`
			`from cryptography.hazmat.primitives.asymmetric import rsa, ec, dsa`

			`dsa.generate_private_key(key_size=1024, backend=backend) # Noncompliant`
			`rsa.generate_private_key(public_exponent=999, key_size=2048, backend=backend) # Noncompliant`
			`ec.generate_private_key(curve=ec.SECT163R2, backend=backend) # Noncompliant`
			`----`

			`== Compliant Solution`

			`----`
			`from cryptography.hazmat.primitives.asymmetric import rsa, ec, dsa`

			`dsa.generate_private_key(key_size=2048, backend=backend) # Compliant`
			`rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=backend) # Compliant`
			`ec.generate_private_key(curve=ec.SECT409R1, backend=backend) # Compliant`
			`----`

			`== See`

			`* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure`
			`* https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A9] - Security Misconfiguration`
			`* https://www.ssi.gouv.fr/uploads/2014/11/RGS_v-2-0_B1.pdf[ANSSI RGSv2] - Référentiel Général de Sécurité version 2`
			`* https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf[NIST FIPS 186-4] - Digital Signature Standard (DSS)`
			`* http://cwe.mitre.org/data/definitions/326.html[MITRE, CWE-326] - Inadequate Encryption Strength`