Merge pull request #1603 from letsencrypt/mod8

Check that modulus length is divisible by 8 in GoodKey.
2016-03-14 16:32:39 -07:00 · 2016-03-14 16:32:39 -07:00 · 58e27c0964
parent 450e6672a2 821414e967
commit 58e27c0964
2 changed files with 14 additions and 0 deletions
--- a/core/good_key.go
+++ b/core/good_key.go
@ -196,6 +196,11 @@ func (policy *KeyPolicy) goodKeyRSA(key rsa.PublicKey) (err error) {
 	if modulusBitLen > maxKeySize {
 		return MalformedRequestError(fmt.Sprintf("Key too large: %d > %d", modulusBitLen, maxKeySize))
 	}
+	// Bit lengths that are not a multiple of 8 may cause problems on some
+	// client implementations.
+	if modulusBitLen%8 != 0 {
+		return MalformedRequestError(fmt.Sprintf("Key length wasn't a multiple of 8: %d", modulusBitLen))
+	}
 	// The CA SHALL confirm that the value of the public exponent is an
 	// odd number equal to 3 or more. Additionally, the public exponent
 	// SHOULD be in the range between 2^16 + 1 and 2^256-1.
--- a/core/good_key_test.go
+++ b/core/good_key_test.go
@ -41,6 +41,15 @@ func TestLargeModulus(t *testing.T) {
 	test.AssertError(t, testingPolicy.GoodKey(private.PublicKey), "Should have rejected too-long key.")
 }

+func TestModulusModulo8(t *testing.T) {
+	bigOne := big.NewInt(1)
+	key := rsa.PublicKey{
+		N: bigOne.Lsh(bigOne, 2049),
+		E: 5,
+	}
+	test.AssertError(t, testingPolicy.GoodKey(&key), "Should have rejected modulus with length not divisible by 8.")
+}
+
 func TestSmallExponent(t *testing.T) {
 	bigOne := big.NewInt(1)
 	key := rsa.PublicKey{