p2p
go-p2p-core
Commits
a7cc4bff
Unverified
Commit
a7cc4bff
authored
Aug 01, 2019
by
bigs
Committed by
GitHub
Aug 01, 2019
Merge pull request #34 from libp2p/bug/weak-rsa-keys
Raise minimum bits required for RSA key to 2048
parents
62b2c6c4
f1175dbc
Changes
4
Showing
4 changed files
with
24 additions
and
8 deletions
+24
-8
.travis.yml
.travis.yml
+1
-0
crypto/rsa_common.go
crypto/rsa_common.go
+19
-4
crypto/rsa_go.go
crypto/rsa_go.go
+3
-3
crypto/rsa_openssl.go
crypto/rsa_openssl.go
+1
-1
.travis.yml
...
...
@@ -9,6 +9,7 @@ go:
env
:
global
:
-
BUILD_DEPTYPE=gomod
-
LIBP2P_ALLOW_WEAK_RSA_KEYS=1
matrix
:
-
GOTFLAGS="-race"
-
GOTFLAGS="-race -tags=openssl"
...
...
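Review bot: `LIBP2P_ALLOW_WEAK_RSA_KEYS=1` sits under `env.global`, so every matrix entry runs with the 512-bit minimum and no CI job exercises the default 2048-bit limit that production processes get. Presumably the existing tests generate small keys for speed; a dedicated test that asserts a 1024-bit key is rejected when `MinRsaKeyBits` is 2048, or one matrix entry without the variable, would keep the stricter path covered. A comment next to the entry such as `# test-only: lowers the RSA minimum to 512 bits, never set in deployments` would also help.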
crypto/rsa_common.go
package
crypto
import
(
"errors"
"fmt"
"os"
)
// WeakRsaKeyEnv is an environment variable which, when set, lowers the
// minimum required bits of RSA keys to 512. This should be used exclusively in
// test situations.
const
WeakRsaKeyEnv
=
"LIBP2P_ALLOW_WEAK_RSA_KEYS"
var
MinRsaKeyBits
=
2048
// ErrRsaKeyTooSmall is returned when trying to generate or parse an RSA key
// that's smaller than 512 bits. Keys need to be larger enough to sign a 256bit
// hash so this is a reasonable absolute minimum.
var
ErrRsaKeyTooSmall
=
errors
.
New
(
"rsa keys must be >= 512 bits to be useful"
)
// that's smaller than MinRsaKeyBits bits. In test
var
ErrRsaKeyTooSmall
error
func
init
()
{
if
_
,
ok
:=
os
.
LookupEnv
(
WeakRsaKeyEnv
);
ok
{
MinRsaKeyBits
=
512
}
ErrRsaKeyTooSmall
=
fmt
.
Errorf
(
"rsa keys must be >= %d bits to be useful"
,
MinRsaKeyBits
)
}
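Review bot: In `init`, `os.LookupEnv(WeakRsaKeyEnv)` lowers `MinRsaKeyBits` to 512 whenever the variable is present at all, so an empty value or `LIBP2P_ALLOW_WEAK_RSA_KEYS=0` inherited from a parent environment silently weakens key validation in a production process. Requiring an explicit opt-in value would narrow that, for example `if os.Getenv(WeakRsaKeyEnv) == "1" {`, which still matches what the CI config on this page sets. `MinRsaKeyBits` is also an exported mutable `var` with no doc comment, and the message of `ErrRsaKeyTooSmall` is formatted once in `init`, so a later assignment to `MinRsaKeyBits` would leave the message stale; I would add `// MinRsaKeyBits is the minimum RSA modulus size in bits accepted for generated or parsed keys; it is lowered to 512 only when WeakRsaKeyEnv is set.` above it.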
crypto/rsa_go.go
...
...
@@ -27,7 +27,7 @@ type RsaPublicKey struct {
// GenerateRSAKeyPair generates a new rsa private and public key
func
GenerateRSAKeyPair
(
bits
int
,
src
io
.
Reader
)
(
PrivKey
,
PubKey
,
error
)
{
if
bits
<
512
{
if
bits
<
MinRsaKeyBits
{
return
nil
,
nil
,
ErrRsaKeyTooSmall
}
priv
,
err
:=
rsa
.
GenerateKey
(
src
,
bits
)
...
...
@@ -102,7 +102,7 @@ func UnmarshalRsaPrivateKey(b []byte) (PrivKey, error) {
if
err
!=
nil
{
return
nil
,
err
}
if
sk
.
N
.
BitLen
()
<
512
{
if
sk
.
N
.
BitLen
()
<
MinRsaKeyBits
{
return
nil
,
ErrRsaKeyTooSmall
}
return
&
RsaPrivateKey
{
sk
:
*
sk
},
nil
...
...
@@ -118,7 +118,7 @@ func UnmarshalRsaPublicKey(b []byte) (PubKey, error) {
if
!
ok
{
return
nil
,
errors
.
New
(
"not actually an rsa public key"
)
}
if
pk
.
N
.
BitLen
()
<
512
{
if
pk
.
N
.
BitLen
()
<
MinRsaKeyBits
{
return
nil
,
ErrRsaKeyTooSmall
}
return
&
RsaPublicKey
{
*
pk
},
nil
...
...
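Review bot: The size checks in `UnmarshalRsaPrivateKey` and `UnmarshalRsaPublicKey` enforce only a lower bound on `N.BitLen()`, so a key with a very large modulus is still accepted; if these functions parse keys supplied by remote peers, which the page does not show, every later operation on such a key becomes expensive. Consider pairing `MinRsaKeyBits` with an upper limit in the same condition, e.g. `if n := pk.N.BitLen(); n < MinRsaKeyBits || n > maxBits {`, where `maxBits` stands for a new constant whose name and value the maintainers would have to choose. All three functions start or end outside their hunks, so any check placed elsewhere in them is not visible here.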
crypto/rsa_openssl.go
...
...
@@ -21,7 +21,7 @@ type RsaPublicKey struct {
// GenerateRSAKeyPair generates a new rsa private and public key
func
GenerateRSAKeyPair
(
bits
int
,
_
io
.
Reader
)
(
PrivKey
,
PubKey
,
error
)
{
if
bits
<
512
{
if
bits
<
MinRsaKeyBits
{
return
nil
,
nil
,
ErrRsaKeyTooSmall
}
...
...
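Review bot: Only `GenerateRSAKeyPair` switches to `MinRsaKeyBits` in this file, whereas the pure-Go file in this commit also raises the limit in `UnmarshalRsaPrivateKey` and `UnmarshalRsaPublicKey`. The unmarshal functions of the openssl build are outside the hunk, so it is worth confirming that they reject moduli below `MinRsaKeyBits` too; otherwise a build with `-tags=openssl` would accept keys that the default build refuses. The body of `GenerateRSAKeyPair` also continues past the end of the hunk.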