libp2p/go-libp2p-core
1
0
Fork 0
mirror of https://github.com/libp2p/go-libp2p-core.git synced 2025-04-28 17:10:14 +08:00
Code Issues Projects Releases Wiki Activity

Merge pull request from libp2p/bug/weak-rsa-keys

Browse Source 
Raise minimum bits required for RSA key to 2048
This commit is contained in:
bigs 2019-08-01 15:28:04 -08:00 committed by GitHub
commit a7cc4bffb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 8 deletions

1
.travis.yml
View File

@ -9,6 +9,7 @@ go:
env:
global:
- BUILD_DEPTYPE=gomod
- LIBP2P_ALLOW_WEAK_RSA_KEYS=1
matrix:
- GOTFLAGS="-race"
- GOTFLAGS="-race -tags=openssl"

23
crypto/rsa_common.go
View File

@ -1,10 +1,25 @@
package crypto
import (
"errors"
"fmt"
"os"
)
// WeakRsaKeyEnv is an environment variable which, when set, lowers the
// minimum required bits of RSA keys to 512. This should be used exclusively in
// test situations.
const WeakRsaKeyEnv = "LIBP2P_ALLOW_WEAK_RSA_KEYS"
var MinRsaKeyBits = 2048
// ErrRsaKeyTooSmall is returned when trying to generate or parse an RSA key
// that's smaller than 512 bits. Keys need to be larger enough to sign a 256bit
// hash so this is a reasonable absolute minimum.
var ErrRsaKeyTooSmall = errors.New("rsa keys must be >= 512 bits to be useful")
// that's smaller than MinRsaKeyBits bits. In test
var ErrRsaKeyTooSmall error
func init() {
if _, ok := os.LookupEnv(WeakRsaKeyEnv); ok {
MinRsaKeyBits = 512
}
ErrRsaKeyTooSmall = fmt.Errorf("rsa keys must be >= %d bits to be useful", MinRsaKeyBits)
}

6
crypto/rsa_go.go
View File

@ -27,7 +27,7 @@ type RsaPublicKey struct {
// GenerateRSAKeyPair generates a new rsa private and public key
func GenerateRSAKeyPair(bits int, src io.Reader) (PrivKey, PubKey, error) {
if bits < 512 {
if bits < MinRsaKeyBits {
return nil, nil, ErrRsaKeyTooSmall
}
priv, err := rsa.GenerateKey(src, bits)
@ -102,7 +102,7 @@ func UnmarshalRsaPrivateKey(b []byte) (PrivKey, error) {
if err != nil {
return nil, err
}
if sk.N.BitLen() < 512 {
if sk.N.BitLen() < MinRsaKeyBits {
return nil, ErrRsaKeyTooSmall
}
return &RsaPrivateKey{sk: *sk}, nil
@ -118,7 +118,7 @@ func UnmarshalRsaPublicKey(b []byte) (PubKey, error) {
if !ok {
return nil, errors.New("not actually an rsa public key")
}
if pk.N.BitLen() < 512 {
if pk.N.BitLen() < MinRsaKeyBits {
return nil, ErrRsaKeyTooSmall
}
return &RsaPublicKey{*pk}, nil

2
crypto/rsa_openssl.go
View File

@ -21,7 +21,7 @@ type RsaPublicKey struct {
// GenerateRSAKeyPair generates a new rsa private and public key
func GenerateRSAKeyPair(bits int, _ io.Reader) (PrivKey, PubKey, error) {
if bits < 512 {
if bits < MinRsaKeyBits {
return nil, nil, ErrRsaKeyTooSmall
}