
Add warning about low public key exponent (#5234)

Co-authored-by: Ernesto García <ernestognw@gmail.com>
Signed-off-by: Hadrien Croubois <hadrien.croubois@gmail.com>
Hadrien Croubois 1 year ago
parent
commit
fd29158067
1 changed file with 6 additions and 2 deletions
  1. contracts/utils/cryptography/RSA.sol (+6 -2)

+ 6 - 2
contracts/utils/cryptography/RSA.sol

@@ -36,8 +36,12 @@ library RSA {
      * 2048 bits. If you use a smaller key, consider replacing it with a larger, more secure, one.
      *
      * WARNING: This verification algorithm doesn't prevent replayability. If called multiple times with the same
-     * digest, public key and (valid signature), it will return true every time. Consider including an onchain nonce or
-     * unique identifier in the message to prevent replay attacks.
+     * digest, public key and (valid signature), it will return true every time. Consider including an onchain nonce
+     * or unique identifier in the message to prevent replay attacks.
+     *
+     * WARNING: This verification algorithm supports any exponent. NIST recommends using `65537` (or higher).
+     * That is the default value many libraries use, such as OpenSSL. Developers may choose to reject public keys
+     * using a low exponent out of security concerns.
      *
      * @param digest the digest to verify
      * @param s is a buffer containing the signature
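
Review bot: The new WARNING leaves "low exponent" undefined and cites NIST without naming the publication, so a reader cannot tell which keys the comment suggests rejecting. Consider stating the threshold explicitly (for example, "reject public keys whose exponent is below `65537`") and naming the NIST document the recommendation comes from. The sentence "That is the default value many libraries use, such as OpenSSL" follows "`65537` (or higher)", so "that" is ambiguous; "`65537` is the default in many libraries, such as OpenSSL" reads more clearly. Since the text says the function "supports any exponent" and leaves rejection to developers, it would also help to say that the check has to be done by the caller before invoking verification. The first two changed lines only re-wrap the replay warning; the wording there is unchanged.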