Add env flag for allowing unsafe rsa keys in tests

c817d49d · Cole Brown · f10115e5 · c817d49d · c817d49d · c817d49d
Commit c817d49d authored Jul 12, 2019 by Cole Brown
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 9 deletions

.travis.yml .travis.yml +1 -0

crypto/key_test.go crypto/key_test.go +2 -2

crypto/rsa_common.go crypto/rsa_common.go +17 -4

crypto/rsa_test.go crypto/rsa_test.go +3 -3

No files found.
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,6 +9,7 @@ go:
 env:
  global:
    - BUILD_DEPTYPE=gomod
+    - LIBP2P_ALLOW_UNSAFE_RSA_KEYS=1
  matrix:
    - GOTFLAGS="-race"
    - GOTFLAGS="-race -tags=openssl"

--- a/crypto/key_test.go
+++ b/crypto/key_test.go
@@ -17,7 +17,7 @@ func TestKeys(t *testing.T) {
 }

 func testKeyType(typ int, t *testing.T) {
-	sk, pk, err := test.RandTestKeyPair(typ, 2048)
+	sk, pk, err := test.RandTestKeyPair(typ, 512)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -114,7 +114,7 @@ func testKeyEquals(t *testing.T, k Key) {
 		t.Fatal("Key not equal to key with same bytes.")
 	}

-	sk, pk, err := test.RandTestKeyPair(RSA, 2048)
+	sk, pk, err := test.RandTestKeyPair(RSA, 512)
 	if err != nil {
 		t.Fatal(err)
 	}

--- a/crypto/rsa_common.go
+++ b/crypto/rsa_common.go
@@ -2,11 +2,24 @@ package crypto

 import (
 	"fmt"
+	"os"
 )

-const MinRsaKeyBits = 2048
+// UnsafeRsaKeyEnv is an environment variable which, when set, lowers the
+// minimum required bits of RSA keys to 512. This should be used exclusively in
+// test situations.
+const UnsafeRsaKeyEnv = "LIBP2P_ALLOW_UNSAFE_RSA_KEYS"
+
+var MinRsaKeyBits = 2048

 // ErrRsaKeyTooSmall is returned when trying to generate or parse an RSA key
-// that's smaller than 512 bits. Keys need to be larger enough to sign a 256bit
-// hash so this is a reasonable absolute minimum.
-var ErrRsaKeyTooSmall = fmt.Errorf("rsa keys must be >= %d bits to be useful", MinRsaKeyBits)
+// that's smaller than MinRsaKeyBits bits. In test
+var ErrRsaKeyTooSmall error
+
+func init() {
+	if _, ok := os.LookupEnv(UnsafeRsaKeyEnv); ok {
+		MinRsaKeyBits = 512
+	}
+
+	ErrRsaKeyTooSmall = fmt.Errorf("rsa keys must be >= %d bits to be useful", MinRsaKeyBits)
+}
--- a/crypto/rsa_test.go
+++ b/crypto/rsa_test.go
@@ -6,7 +6,7 @@ import (
 )

 func TestRSABasicSignAndVerify(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -47,7 +47,7 @@ func TestRSASmallKey(t *testing.T) {
 }

 func TestRSASignZero(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -68,7 +68,7 @@ func TestRSASignZero(t *testing.T) {
 }

 func TestRSAMarshalLoop(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}