fix(key size): forbid small openssl RSA keys

Also, add a test.

fix(key size): forbid small openssl RSA keys
Also, add a test.
bf79471e · Steven Allen · 2f75277a · bf79471e · bf79471e · bf79471e
Commit bf79471e authored Oct 21, 2019 by Steven Allen
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 4 deletions

crypto/rsa_openssl.go crypto/rsa_openssl.go +6 -0

crypto/rsa_test.go crypto/rsa_test.go +23 -1

go.mod go.mod +1 -1

go.sum go.sum +2 -2

No files found.
--- a/crypto/rsa_openssl.go
+++ b/crypto/rsa_openssl.go
@@ -43,6 +43,9 @@ func UnmarshalRsaPrivateKey(b []byte) (PrivKey, error) {
 	if err != nil {
 		return nil, err
 	}
+	if 8*key.key.Size() < MinRsaKeyBits {
+		return nil, ErrRsaKeyTooSmall
+	}
 	if key.Type() != RSA {
 		return nil, errors.New("not actually an rsa public key")
 	}
@@ -55,6 +58,9 @@ func UnmarshalRsaPublicKey(b []byte) (PubKey, error) {
 	if err != nil {
 		return nil, err
 	}
+	if 8*key.key.Size() < MinRsaKeyBits {
+		return nil, ErrRsaKeyTooSmall
+	}
 	if key.Type() != RSA {
 		return nil, errors.New("not actually an rsa public key")
 	}

--- a/crypto/rsa_test.go
+++ b/crypto/rsa_test.go
@@ -40,10 +40,32 @@ func TestRSABasicSignAndVerify(t *testing.T) {
 }

 func TestRSASmallKey(t *testing.T) {
-	_, _, err := GenerateRSAKeyPair(384, rand.Reader)
+	_, _, err := GenerateRSAKeyPair(MinRsaKeyBits/2, rand.Reader)
 	if err != ErrRsaKeyTooSmall {
 		t.Fatal("should have refused to create small RSA key")
 	}
+	MinRsaKeyBits /= 2
+	badPriv, badPub, err := GenerateRSAKeyPair(MinRsaKeyBits, rand.Reader)
+	if err != nil {
+		t.Fatalf("should have succeeded, got: %s", err)
+	}
+	pubBytes, err := MarshalPublicKey(badPub)
+	if err != nil {
+		t.Fatal(err)
+	}
+	privBytes, err := MarshalPrivateKey(badPriv)
+	if err != nil {
+		t.Fatal(err)
+	}
+	MinRsaKeyBits *= 2
+	_, err = UnmarshalPublicKey(pubBytes)
+	if err != ErrRsaKeyTooSmall {
+		t.Fatal("should have refused to unmarshal a weak key")
+	}
+	_, err = UnmarshalPrivateKey(privBytes)
+	if err != ErrRsaKeyTooSmall {
+		t.Fatal("should have refused to unmarshal a weak key")
+	}
 }

 func TestRSASignZero(t *testing.T) {

--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/jbenet/goprocess v0.1.3
 	github.com/libp2p/go-flow-metrics v0.0.1
 	github.com/libp2p/go-msgio v0.0.4
-	github.com/libp2p/go-openssl v0.0.2
+	github.com/libp2p/go-openssl v0.0.3
 	github.com/minio/sha256-simd v0.1.1
 	github.com/mr-tron/base58 v1.1.2
 	github.com/multiformats/go-multiaddr v0.1.1

--- a/go.sum
+++ b/go.sum
@@ -72,8 +72,8 @@ github.com/libp2p/go-msgio v0.0.4 h1:agEFehY3zWJFUHK6SEMR7UYmk2z6kC3oeCM7ybLhguA
 github.com/libp2p/go-msgio v0.0.4 h1:agEFehY3zWJFUHK6SEMR7UYmk2z6kC3oeCM7ybLhguA=
 github.com/libp2p/go-msgio v0.0.4/go.mod h1:63lBBgOTDKQL6EWazRMCwXsEeEeK9O2Cd+0+6OOuipQ=
 github.com/libp2p/go-msgio v0.0.4/go.mod h1:63lBBgOTDKQL6EWazRMCwXsEeEeK9O2Cd+0+6OOuipQ=
-github.com/libp2p/go-openssl v0.0.2 h1:9pP2d3Ubaxkv7ZisLjx9BFwgOGnQdQYnfcH29HNY3ls=
-github.com/libp2p/go-openssl v0.0.2/go.mod h1:v8Zw2ijCSWBQi8Pq5GAixw6DbFfa9u6VIYDXnvOXkc0=
+github.com/libp2p/go-openssl v0.0.3 h1:wjlG7HvQkt4Fq4cfH33Ivpwp0omaElYEi9z26qaIkIk=
+github.com/libp2p/go-openssl v0.0.3/go.mod h1:unDrJpgy3oFr+rqXsarWifmJuNnJR4chtO1HmaZjggc=
 github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329 h1:2gxZ0XQIU/5z3Z3bUBu+FXuk2pFbkN6tcwi/pjyaDic=
 github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4=