Raise minimum bits required for RSA key to 2048

f10115e5 · Cole Brown · 2835a401 · f10115e5 · f10115e5 · f10115e5
Commit f10115e5 authored Jul 10, 2019 by Cole Brown
5 changed files
--- a/crypto/key_test.go
+++ b/crypto/key_test.go
@@ -17,7 +17,7 @@ func TestKeys(t *testing.T) {
 }

 func testKeyType(typ int, t *testing.T) {
-	sk, pk, err := test.RandTestKeyPair(typ, 512)
+	sk, pk, err := test.RandTestKeyPair(typ, 2048)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -114,7 +114,7 @@ func testKeyEquals(t *testing.T, k Key) {
 		t.Fatal("Key not equal to key with same bytes.")
 	}

-	sk, pk, err := test.RandTestKeyPair(RSA, 512)
+	sk, pk, err := test.RandTestKeyPair(RSA, 2048)
 	if err != nil {
 		t.Fatal(err)
 	}

--- a/crypto/rsa_common.go
+++ b/crypto/rsa_common.go
 package crypto

 import (
-	"errors"
+	"fmt"
 )

+const MinRsaKeyBits = 2048
+
 // ErrRsaKeyTooSmall is returned when trying to generate or parse an RSA key
 // that's smaller than 512 bits. Keys need to be larger enough to sign a 256bit
 // hash so this is a reasonable absolute minimum.
-var ErrRsaKeyTooSmall = errors.New("rsa keys must be >= 512 bits to be useful")
+var ErrRsaKeyTooSmall = fmt.Errorf("rsa keys must be >= %d bits to be useful", MinRsaKeyBits)
--- a/crypto/rsa_go.go
+++ b/crypto/rsa_go.go
@@ -27,7 +27,7 @@ type RsaPublicKey struct {

 // GenerateRSAKeyPair generates a new rsa private and public key
 func GenerateRSAKeyPair(bits int, src io.Reader) (PrivKey, PubKey, error) {
-	if bits < 512 {
+	if bits < MinRsaKeyBits {
 		return nil, nil, ErrRsaKeyTooSmall
 	}
 	priv, err := rsa.GenerateKey(src, bits)
@@ -102,7 +102,7 @@ func UnmarshalRsaPrivateKey(b []byte) (PrivKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	if sk.N.BitLen() < 512 {
+	if sk.N.BitLen() < MinRsaKeyBits {
 		return nil, ErrRsaKeyTooSmall
 	}
 	return &RsaPrivateKey{sk: *sk}, nil
@@ -118,7 +118,7 @@ func UnmarshalRsaPublicKey(b []byte) (PubKey, error) {
 	if !ok {
 		return nil, errors.New("not actually an rsa public key")
 	}
-	if pk.N.BitLen() < 512 {
+	if pk.N.BitLen() < MinRsaKeyBits {
 		return nil, ErrRsaKeyTooSmall
 	}
 	return &RsaPublicKey{*pk}, nil

--- a/crypto/rsa_openssl.go
+++ b/crypto/rsa_openssl.go
@@ -21,7 +21,7 @@ type RsaPublicKey struct {

 // GenerateRSAKeyPair generates a new rsa private and public key
 func GenerateRSAKeyPair(bits int, _ io.Reader) (PrivKey, PubKey, error) {
-	if bits < 512 {
+	if bits < MinRsaKeyBits {
 		return nil, nil, ErrRsaKeyTooSmall
 	}


--- a/crypto/rsa_test.go
+++ b/crypto/rsa_test.go
@@ -6,7 +6,7 @@ import (
 )

 func TestRSABasicSignAndVerify(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -47,7 +47,7 @@ func TestRSASmallKey(t *testing.T) {
 }

 func TestRSASignZero(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -68,7 +68,7 @@ func TestRSASignZero(t *testing.T) {
 }

 func TestRSAMarshalLoop(t *testing.T) {
-	priv, pub, err := GenerateRSAKeyPair(512, rand.Reader)
+	priv, pub, err := GenerateRSAKeyPair(2048, rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}