arthepsy / ssh-audit

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License
2.96k stars 268 forks

RSA Hostkey, RSA Certificate, and DH Group Exchange Moduli Tests #30

Closed jtesta closed 4 years ago

jtesta commented 7 years ago

This PR adds RSA key size checking (for both stand-alone host keys AND those in certificates), as well as Diffie-Hellman group exchange modulus tests (solves issues #19 and #24). Moduli found to be less than 2,048 bits are flagged.

Example results:

# key exchange algorithms
(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
[...]

# host-key algorithms
(key) ssh-rsa (3072-bit)                    -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512 (3072-bit)               -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 (3072-bit)               -- [info] available since OpenSSH 7.2
(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using small 1024-bit modulus

Additional certificate tests can be added in the future, such as principal matching checks, and validation of time ranges. If there's interest in the obsolete "ssh-rsa-cert-v00@openssh.com" host key type, that can be added as well (this PR only handles the newer "ssh-rsa-cert-v01@openssh.com" type).

Unfortunately, I've run out of time, and can't get to fixing the mypy errors introduced. That probably isn't too hard, though, for someone familiar with mypy.
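The check the PR describes, as an added illustration that is not ssh-audit's own code: walk the SSH wire encoding of an ssh-rsa blob or an ssh-rsa-cert-v01@openssh.com blob, read the RSA modulus (and, for a certificate, the nested CA signature key's modulus), and flag anything under 2,048 bits. The sample blobs are constructed with placeholder moduli, not real keys, and the field layout follows the OpenSSH certificate format.

```python
import struct

MIN_MODULUS_BITS = 2048  # threshold used by the PR: anything below is reported as [fail]

def _string(data):
    """Encode bytes as an SSH 'string' (uint32 big-endian length + payload)."""
    return struct.pack(">I", len(data)) + data

def _mpint(n):
    """Encode a non-negative integer as an SSH 'mpint' (RFC 4251); extra byte keeps the sign bit clear."""
    return _string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

class _Reader:
    def __init__(self, blob):
        self.blob, self.pos = blob, 0
    def string(self):
        (length,) = struct.unpack_from(">I", self.blob, self.pos)
        self.pos += 4
        out = self.blob[self.pos:self.pos + length]
        self.pos += length
        return out
    def mpint(self):
        return int.from_bytes(self.string(), "big")
    def skip(self, nbytes):
        self.pos += nbytes

def rsa_modulus_bits(blob):
    """Return (key_bits, ca_bits); ca_bits is None for a plain ssh-rsa key."""
    r = _Reader(blob)
    kind = r.string()
    if kind == b"ssh-rsa":
        r.mpint()                                  # public exponent e
        return r.mpint().bit_length(), None        # modulus n
    if kind == b"ssh-rsa-cert-v01@openssh.com":
        r.string()                                 # nonce
        r.mpint()                                  # e
        key_bits = r.mpint().bit_length()          # n of the certified key
        r.skip(8 + 4)                              # serial (uint64), type (uint32)
        r.string(); r.string()                     # key id, valid principals
        r.skip(8 + 8)                              # valid after, valid before
        r.string(); r.string(); r.string()         # critical options, extensions, reserved
        ca_bits, _ = rsa_modulus_bits(r.string())  # signature key is a nested ssh-rsa blob
        return key_bits, ca_bits
    raise ValueError("unsupported key type: %r" % kind)

def verdict(bits):
    """Map a modulus size to the PR's [fail]/[info] classification."""
    return "fail" if bits < MIN_MODULUS_BITS else "info"

# Constructed sample (placeholder moduli, not real keys): 3072-bit host key certified by a 1024-bit CA.
def _fake_rsa(bits):
    return _string(b"ssh-rsa") + _mpint(65537) + _mpint(1 << (bits - 1))

SAMPLE_CERT = (_string(b"ssh-rsa-cert-v01@openssh.com") + _string(b"\x00" * 32) + _mpint(65537)
               + _mpint(1 << 3071) + struct.pack(">QI", 1, 2) + _string(b"host.example") + _string(b"")
               + struct.pack(">QQ", 0, 2 ** 63) + _string(b"") * 3 + _string(_fake_rsa(1024)) + _string(b""))
```

`rsa_modulus_bits(SAMPLE_CERT)` yields `(3072, 1024)`, which is the "3072-bit cert/1024-bit CA" case shown in the PR output; the CA side is the one that earns the [fail].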

jtesta commented 7 years ago

I'd love to fix the failing test, but I'm not sure how to run them locally. Any hints?

jtesta commented 7 years ago

@arthepsy ping

arthepsy commented 7 years ago

@jtesta sorry for not getting back sooner. Will reply in a few hours.

jtesta commented 7 years ago

@arthepsy re-ping

jtesta commented 6 years ago

@arthepsy So, uhh... hi. It's been over a year, and this hasn't been merged.

Are you still interested in maintaining this project? If not, I'd be happy to take over as maintainer!

immanuelfodor commented 5 years ago

And another year has passed :confused: