From 700d03d241b7335d9c647afb114100929dfbd909 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 30 Oct 2020 21:13:35 +0100
Subject: openvpn: T2994: verify DH key length
---
 python/vyos/configverify.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'python/vyos/configverify.py')
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index d3ca56d11..babb0feb7 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -259,3 +259,27 @@ def verify_accel_ppp_base_service(config):
 if 'delegation_prefix' not in ipv6_pool['delegate'][delegate]:
 raise ConfigError('delegation-prefix length required!')
 
+def verify_diffie_hellman_length(file, min_keysize):
+ """ Verify Diffie-Hellamn keypair length given via file. It must be greater
+ then or equal to min_keysize """
+
+ try:
+ keysize = str(min_keysize)
+ except:
+ return False
+
+ import os
+ import re
+ from vyos.util import cmd
+
+ if os.path.exists(file):
+
+ out = cmd(f'openssl dhparam -inform PEM -in {file} -text')
+ prog = re.compile('\d+\s+bit')
+ if prog.search(out):
+ bits = prog.search(out)[0].split()[0]
+ if int(min_keysize) >= int(bits):
+ return True
+
+ return False
+
-- cgit v1.2.3
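Review bot: The comparison `if int(min_keysize) >= int(bits):` in verify_diffie_hellman_length is inverted relative to its own docstring — it returns True when the group in the file is no larger than the minimum, so a too-short DH parameter set passes and a stronger one is rejected; it should read `if int(bits) >= int(min_keysize):`. The path is interpolated unquoted into a shell string in `cmd(f'openssl dhparam -inform PEM -in {file} -text')`; writing it as `{shlex.quote(file)}` (or passing an argument list, if `cmd` accepts one) keeps a path containing spaces or shell metacharacters from altering the command. The `try: keysize = str(min_keysize) / except: return False` block assigns a name that is never read and its bare `except` would mask unrelated errors, so it can be dropped in favour of the `int(min_keysize)` conversion already performed below. The pattern should be a raw string, `re.compile(r'\d+\s+bit')`, and the match can be stored once instead of calling `prog.search(out)` twice. The docstring also misspells Diffie-Hellman and "greater than".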