From 2e1a0a8aef54986f62a75bd9eec1eeaf7e87b5f1 Mon Sep 17 00:00:00 2001
From: "Stuart D. Gathman" <stuart@spidey2>
Date: Thu, 25 Oct 2012 15:14:46 -0400
Subject: [PATCH] Raise KeyFormatError when public key is too small.

---
 dkim/__init__.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/dkim/__init__.py b/dkim/__init__.py
index f924a3e..e5f1d00 100644
--- a/dkim/__init__.py
+++ b/dkim/__init__.py
@@ -65,6 +65,17 @@ __all__ = [
 Relaxed = b'relaxed'    # for clients passing dkim.Relaxed
 Simple = b'simple'      # for clients passing dkim.Simple
 
+# DKIM standard requires minimum key length of 1024
+MINKEY = 1L << 1023
+
+def bitsize(x):
+    """Return size of long in bits."""
+    b = 0
+    while x > 0:
+      x >>= 1
+      b += 1
+    return b
+
 class DKIMException(Exception):
     """Base class for DKIM errors."""
     pass
@@ -534,6 +545,9 @@ class DKIM(object):
         raise KeyFormatError(e)
     try:
         pk = parse_public_key(base64.b64decode(pub[b'p']))
+        if pk['modulus'] < MINKEY:
+          raise KeyFormatError("public key too small: %d"
+                % bitsize(pk['modulus']))
     except KeyError:
         raise KeyFormatError("incomplete public key: %s" % s)
     except (TypeError,UnparsableKeyError) as e: