Add env flag for allowing unsafe rsa keys in tests

2025-04-28 17:10:14 +08:00 · 2019-07-12 16:04:56 -04:00 · 2019-07-12 16:04:56 -04:00 · c817d49d02
commit c817d49d02
parent f10115e58f
4 changed files with 23 additions and 9 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -9,6 +9,7 @@ go:
 env:
  global:
    - BUILD_DEPTYPE=gomod
+    - LIBP2P_ALLOW_UNSAFE_RSA_KEYS=1
  matrix:
    - GOTFLAGS="-race"
    - GOTFLAGS="-race -tags=openssl"
--- a/crypto/key_test.go
+++ b/crypto/key_test.go
@ -17,7 +17,7 @@ func TestKeys(t *testing.T) {
 }

 func testKeyType(typ int, t *testing.T) {
-	sk, pk, err := test.RandTestKeyPair(typ, 2048)
+	sk, pk, err := test.RandTestKeyPair(typ, 512)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -114,7 +114,7 @@ func testKeyEquals(t *testing.T, k Key) {
 		t.Fatal("Key not equal to key with same bytes.")
 	}

-	sk, pk, err := test.RandTestKeyPair(RSA, 2048)
+	sk, pk, err := test.RandTestKeyPair(RSA, 512)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/crypto/rsa_common.go
+++ b/crypto/rsa_common.go
@ -2,11 +2,24 @@ package crypto

 import (
 	"fmt"
+	"os"
 )

-const MinRsaKeyBits = 2048
+// UnsafeRsaKeyEnv is an environment variable which, when set, lowers the
+// minimum required bits of RSA keys to 512. This should be used exclusively in
+// test situations.
+const UnsafeRsaKeyEnv = "LIBP2P_ALLOW_UNSAFE_RSA_KEYS"
+
+var MinRsaKeyBits = 2048

 // ErrRsaKeyTooSmall is returned when trying to generate or parse an RSA key
-// that's smaller than 512 bits. Keys need to be larger enough to sign a 256bit
-// hash so this is a reasonable absolute minimum.
-var ErrRsaKeyTooSmall = fmt.Errorf("rsa keys must be >= %d bits to be useful", MinRsaKeyBits)
+// that's smaller than MinRsaKeyBits bits. In test
+var ErrRsaKeyTooSmall error
+
+func init() {
+	if _, ok := os.LookupEnv(UnsafeRsaKeyEnv); ok {
+		MinRsaKeyBits = 512
+	}
+
+	ErrRsaKeyTooSmall = fmt.Errorf("rsa keys must be >= %d bits to be useful", MinRsaKeyBits)
+}
--- a/crypto/rsa_test.go
+++ b/crypto/rsa_test.go
@ -6,7 +6,7 @@ import (
 )

 func TestRSABasicSignAndVerify(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -47,7 +47,7 @@ func TestRSASmallKey(t *testing.T) {
 }

 func TestRSASignZero(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -68,7 +68,7 @@ func TestRSASignZero(t *testing.T) {
 }

 func TestRSAMarshalLoop(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}