core/crypto: restrict RSA keys to <= 8192 bits #2454

MarcoPolo · 2023-08-02T23:34:24Z

At a certain point these become too much effort to compute. This limits the max size.

marten-seemann

Could it be that you missed a few cases? I'm less worried about the code path where you generate the RSA key yourself (although we should prevent that footgun as well), but more about those where the peer sends us its pubkey. What could path would be taken during the TLS / Noise handshake when we receive the peer's key?

core/crypto/rsa_common.go

Co-authored-by: Marten Seemann <[email protected]>

MarcoPolo · 2023-08-02T23:54:27Z

Could it be that you missed a few cases? I'm less worried about the code path where you generate the RSA key yourself (although we should prevent that footgun as well), but more about those where the peer sends us its pubkey. What could path would be taken during the TLS / Noise handshake when we receive the peer's key?

PublicKeyFromProto uses UnmarshalRsaPublicKey under the hood which is covered by this patch. I think only UnmarshalRsaPublicKey and GenerateRSAKeyPair give you an RSA public key.

* Error if RSA key is too big * Update core/crypto/rsa_common.go Co-authored-by: Marten Seemann <[email protected]> * Update core/crypto/rsa_common.go Co-authored-by: Marten Seemann <[email protected]> * Fix rename * Make this var again so the tests work --------- Co-authored-by: Marten Seemann <[email protected]>

Restrict the RSA key sizes we expect from peers. Protects us from spending a lot of compute on verifying signatures from big keys. Similar to libp2p/go-libp2p#2454 --------- Co-authored-by: achingbrain <[email protected]>

Error if RSA key is too big

3d4ca78

MarcoPolo requested a review from marten-seemann August 2, 2023 23:34

marten-seemann reviewed Aug 2, 2023

View reviewed changes

core/crypto/rsa_common.go Outdated Show resolved Hide resolved

core/crypto/rsa_common.go Outdated Show resolved Hide resolved

marten-seemann changed the title ~~Error if RSA key is too big~~ core/crypto: restrict RSA keys to <= 8192 bits Aug 2, 2023

MarcoPolo and others added 2 commits August 2, 2023 16:51

Update core/crypto/rsa_common.go

5774d42

Co-authored-by: Marten Seemann <[email protected]>

Update core/crypto/rsa_common.go

b836e9e

Co-authored-by: Marten Seemann <[email protected]>

MarcoPolo added 2 commits August 2, 2023 16:57

Fix rename

ed40bd8

Make this var again so the tests work

73c53dd

MarcoPolo enabled auto-merge (squash) August 3, 2023 00:26

marten-seemann disabled auto-merge August 3, 2023 14:26

marten-seemann approved these changes Aug 3, 2023

View reviewed changes

marten-seemann merged commit 9e01af8 into master Aug 3, 2023
20 checks passed

MarcoPolo mentioned this pull request Aug 3, 2023

fix(crypto): limit RSA key size to <= 8192 bits libp2p/js-libp2p#1931

Merged

GoVulnBot mentioned this pull request Aug 8, 2023

x/vulndb: potential Go vuln in github.com/libp2p/go-libp2p: CVE-2023-39533 golang/vulndb#2000

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

core/crypto: restrict RSA keys to <= 8192 bits #2454

core/crypto: restrict RSA keys to <= 8192 bits #2454

MarcoPolo commented Aug 2, 2023

marten-seemann left a comment

MarcoPolo commented Aug 2, 2023

core/crypto: restrict RSA keys to <= 8192 bits #2454

core/crypto: restrict RSA keys to <= 8192 bits #2454

Conversation

MarcoPolo commented Aug 2, 2023

marten-seemann left a comment

Choose a reason for hiding this comment

MarcoPolo commented Aug 2, 2023