Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maximum modulus size #350

Open
tarcieri opened this issue Jul 13, 2023 · 2 comments
Open

Maximum modulus size #350

tarcieri opened this issue Jul 13, 2023 · 2 comments

Comments

@tarcieri
Copy link
Member

In #349 I suggested adopting some sort of ceiling on the size of integers that are acceptable for signatures, i.e. a maximum modulus size. This would prevent parsing some large amount of data that doesn't make sense as a signature to an extremely large integer.

While we do have checks that the signature does not exceed the modulus for a given public key in PKCS#1v15 and PSS now (I believe?), these checks aren't applied until signature verification time, whereas I think this sort of sanity limit would be better applied before we ever parse to a BigUint.

It could also form an upper bound on what we consider acceptable as an RSA private key, where we currently have no limit.

Perhaps 16384-bits would be acceptable? /cc @dignifiedquire
@dignifiedquire
Copy link
Member

Perhaps 16384-bits would be acceptable?

I think so.

In an ideal world I would love to do sth like this

key.verify::<MAX_KEY_SIZE>(&signature);

with a default type parameter... but I guess that is a bit out

@tarcieri
Copy link
Member Author

That could probably be done as a const generic parameter with a default on e.g. RsaPublicKey/RsaPrivateKey

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tarcieri @dignifiedquire