go-attestation/verifier/roca.go

75 lines
2.0 KiB
Go
Raw Normal View History

package verifier
import (
"crypto/rsa"
"math/big"
)
var (
// Derived from resources published as:
// "ROCA: Vulnerable RSA generation (CVE-2017-15361)".
// Czech Republic: Centre for Research on Cryptography and Security, Faculty of Informatics, Masaryk University.
fingerprintPrimes = []int64{3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149,
151, 157, 163, 167}
fingerprintMasks = []string{
"6",
"30",
"126",
"1026",
"5658",
"107286",
"199410",
"8388606",
"536870910",
"2147483646",
"67109890",
"2199023255550",
"8796093022206",
"140737488355326",
"5310023542746834",
"576460752303423486",
"1455791217086302986",
"147573952589676412926",
"20052041432995567486",
"6041388139249378920330",
"207530445072488465666",
"9671406556917033397649406",
"618970019642690137449562110",
"79228162521181866724264247298",
"2535301200456458802993406410750",
"1760368345969468176824550810518",
"50079290986288516948354744811034",
"473022961816146413042658758988474",
"10384593717069655257060992658440190",
"144390480366845522447407333004847678774",
"2722258935367507707706996859454145691646",
"174224571863520493293247799005065324265470",
"696898287454081973172991196020261297061886",
"713623846352979940529142984724747568191373310",
"1800793591454480341970779146165214289059119882",
"126304807362733370595828809000324029340048915994",
"11692013098647223345629478661730264157247460343806",
"187072209578355573530071658587684226515959365500926",
}
)
// ROCAVulnerableKey returns true if the key is vulnerable to ROCA.
func ROCAVulnerableKey(k *rsa.PublicKey) bool {
for i := range fingerprintPrimes {
n := &big.Int{}
n.Mod(k.N, big.NewInt(fingerprintPrimes[i]))
n.Lsh(big.NewInt(1), uint(n.Uint64()))
mask := &big.Int{}
mask.SetString(fingerprintMasks[i], 10)
n.And(n, mask)
if n.Cmp(big.NewInt(0)) == 0 {
return false
}
}
return true
}