authorChristian Poessinger <christian@poessinger.com>2020-10-30 21:13:35 +0100
committerChristian Poessinger <christian@poessinger.com>2020-10-30 21:13:35 +0100
commit700d03d241b7335d9c647afb114100929dfbd909 (patch)
tree870cd187db57915d40e8e4d7a2b14f238ba3ddfc /python/vyos/configverify.py
parent5ffe914cb35f77dad3a095ca7167e46d9f087b33 (diff)
openvpn: T2994: verify DH key length
Diffstat (limited to 'python/vyos/configverify.py')
-rw-r--r--python/vyos/configverify.py24
1 files changed, 24 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index d3ca56d11..babb0feb7 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -259,3 +259,27 @@ def verify_accel_ppp_base_service(config):
if 'delegation_prefix' not in ipv6_pool['delegate'][delegate]:
raise ConfigError('delegation-prefix length required!')
+def verify_diffie_hellman_length(file, min_keysize):
+ """ Verify Diffie-Hellamn keypair length given via file. It must be greater
+ then or equal to min_keysize """
+
+ try:
+ keysize = str(min_keysize)
+ except:
+ return False
+
+ import os
+ import re
+ from vyos.util import cmd
+
+ if os.path.exists(file):
+
+ out = cmd(f'openssl dhparam -inform PEM -in {file} -text')
+ prog = re.compile('\d+\s+bit')
+ if prog.search(out):
+ bits = prog.search(out)[0].split()[0]
+ if int(min_keysize) >= int(bits):
+ return True
+
+ return False
+
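Review bot: The comparison in verify_diffie_hellman_length is inverted relative to its docstring: `if int(min_keysize) >= int(bits):` returns True when the DH parameters are at or below the minimum and False when they are larger, so undersized parameters pass verification; it should read `if int(bits) >= int(min_keysize):`. The leading `try: keysize = str(min_keysize)` block validates nothing, since `str()` accepts any value and `keysize` is never used, so a non-numeric `min_keysize` still raises at the later `int()` call; converting with `int(min_keysize)` under `except (TypeError, ValueError):` would do what the block appears intended to do. `file` is interpolated unquoted into the command string handed to `cmd()`, whose implementation is not visible here; if it runs through a shell, a path containing spaces or metacharacters changes the command, so `shlex.quote(file)` is worth adding. The pattern should also be a raw string, `r'\d+\s+bit'`, to avoid the invalid-escape warning.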