idk/go-i2p
1
0
Fork 0
mirror of https://github.com/go-i2p/go-i2p.git synced 2025-06-15 21:28:49 -04:00
Code Issues Packages Projects Releases Wiki Activity

return a descriptive error upon a hash size mismatch

Browse Source
This commit is contained in:
eyedeekay
2025-04-03 17:00:10 -04:00
parent e7e26ae021
commit 4577408d6d
3 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/crypto/rsa/rsa2048_public.go
View File

@ -30,13 +30,12 @@ func (r RSA2048PublicKey) VerifyHash(h []byte, sig []byte) error {
}
// For RSA2048, we use SHA-256
hashed := h
if len(h) != sha256.Size {
// If we received a different hash size, warn but continue
log.Warnf("RSA2048 verification received unexpected hash size: %d", len(h))
return oops.Errorf("RSA2048 verification requires SHA-256 hash (expected %d bytes, got %d)",
sha256.Size, len(h))
}
err = rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, hashed, sig)
err = rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, h, sig)
if err != nil {
return oops.Errorf("RSA signature verification failed: %w", err)
}

5
lib/crypto/rsa/rsa3072_public.go
View File

@ -3,6 +3,7 @@ package rsa
import (
"crypto"
"crypto/rsa"
"crypto/sha256"
"crypto/sha512"
"github.com/go-i2p/go-i2p/lib/crypto/types"
@ -30,8 +31,8 @@ func (r RSA3072PublicKey) VerifyHash(h []byte, sig []byte) error {
// For RSA3072, SHA512 is often used
hashed := h
if len(h) != sha512.Size {
// If we received a different hash size, warn but continue
log.Warnf("RSA3072 verification received unexpected hash size: %d", len(h))
return oops.Errorf("RSA3072 verification requires SHA-256 hash (expected %d bytes, got %d)",
sha256.Size, len(h))
}
err = rsa.VerifyPKCS1v15(pubKey, crypto.SHA512, hashed, sig)

5
lib/crypto/rsa/rsa4096_public.go
View File

@ -3,6 +3,7 @@ package rsa
import (
"crypto"
"crypto/rsa"
"crypto/sha256"
"crypto/sha512"
"github.com/go-i2p/go-i2p/lib/crypto/types"
@ -35,8 +36,8 @@ func (r RSA4096PublicKey) VerifyHash(h []byte, sig []byte) error {
// Verify the signature using PKCS1v15
err = rsa.VerifyPKCS1v15(pubKey, crypto.SHA512, h, sig)
if err != nil {
log.WithError(err).Error("RSA-4096 signature verification failed")
return oops.Errorf("invalid RSA-4096 signature: %w", err)
return oops.Errorf("RSA4096 verification requires SHA-256 hash (expected %d bytes, got %d)",
sha256.Size, len(h))
}
log.Debug("RSA-4096 signature verified successfully")