Skip to content

Commit 8d3fe53

Browse files
tarcieritarcieri
authored
check_public improvements (#170)
- Ensure modulus is 16384-bits or fewer. See #166 - Increase maximum public exponent. Closes #155
1 parent 4ccdcf9 commit 8d3fe53

File tree

2 files changed

+12
-5
lines changed

2 files changed

+12
-5
lines changed

src/errors.rs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ pub enum Error {
1515
InvalidModulus,
1616
InvalidExponent,
1717
InvalidCoefficient,
18+
ModulusTooLarge,
1819
PublicExponentTooSmall,
1920
PublicExponentTooLarge,
2021
Pkcs1(pkcs1::Error),
@@ -41,6 +42,7 @@ impl core::fmt::Display for Error {
4142
Error::InvalidModulus => write!(f, "invalid modulus"),
4243
Error::InvalidExponent => write!(f, "invalid exponent"),
4344
Error::InvalidCoefficient => write!(f, "invalid coefficient"),
45+
Error::ModulusTooLarge => write!(f, "modulus too large"),
4446
Error::PublicExponentTooSmall => write!(f, "public exponent too small"),
4547
Error::PublicExponentTooLarge => write!(f, "public exponent too large"),
4648
Error::Pkcs1(err) => write!(f, "{}", err),

src/key.rs

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,9 @@ use crate::padding::PaddingScheme;
1616
use crate::raw::{DecryptionPrimitive, EncryptionPrimitive};
1717
use crate::{oaep, pkcs1v15, pss};
1818

19-
static MIN_PUB_EXPONENT: u64 = 2;
20-
static MAX_PUB_EXPONENT: u64 = 1 << (31 - 1);
19+
const MIN_PUB_EXPONENT: u64 = 2;
20+
const MAX_PUB_EXPONENT: u64 = (1 << 33) - 1;
21+
const MAX_MODULUS_BITS: usize = 16384;
2122

2223
pub trait PublicKeyParts {
2324
/// Returns the modulus of the key.
@@ -548,16 +549,20 @@ impl RsaPrivateKey {
548549
/// Check that the public key is well formed and has an exponent within acceptable bounds.
549550
#[inline]
550551
pub fn check_public(public_key: &impl PublicKeyParts) -> Result<()> {
551-
let public_key = public_key
552+
if public_key.n().bits() > MAX_MODULUS_BITS {
553+
return Err(Error::ModulusTooLarge);
554+
}
555+
556+
let e = public_key
552557
.e()
553558
.to_u64()
554559
.ok_or(Error::PublicExponentTooLarge)?;
555560

556-
if public_key < MIN_PUB_EXPONENT {
561+
if e < MIN_PUB_EXPONENT {
557562
return Err(Error::PublicExponentTooSmall);
558563
}
559564

560-
if public_key > MAX_PUB_EXPONENT {
565+
if e > MAX_PUB_EXPONENT {
561566
return Err(Error::PublicExponentTooLarge);
562567
}
563568

0 commit comments

Comments
 (0)