jvm-ibp2p vulnerable to attack using large RSA keys

### Summary

There is no length limit for RSA keys, and a malicious node can exploit large RSA keys to launch a resource exhaustion attack.
A malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key.
there is a similar [problem](https://github.com/advisories/GHSA-876p-8259-xjgg)
The relevant codes are in [file1](https://github.com/libp2p/jvm-libp2p/blob/8b62e1fc1b277c016d0806b1f63fbfddd54c1446/libp2p/src/main/kotlin/io/libp2p/crypto/keys/Rsa.kt#L127)(RSA key generation and parsing functions）

### Expected behavior

refuse large rsa key

### Actual behavior

There is no length limit for RSA keys.

### Relevant log output

```shell

```

### Possible Solution

The vulnerability can be fixed by restricting the length of RSA keys. it is similar to [this](https://github.com/libp2p/go-libp2p/pull/2454/files).
The fix could be to limit the RSAkeys length.

### Version

the latest version

### Would you like to work on fixing this bug ?

Yes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

jvm-ibp2p vulnerable to attack using large RSA keys #418

Summary

Expected behavior

Actual behavior

Relevant log output

Possible Solution

Version

Would you like to work on fixing this bug ?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

jvm-ibp2p vulnerable to attack using large RSA keys #418

Description

Summary

Expected behavior

Actual behavior

Relevant log output

Possible Solution

Version

Would you like to work on fixing this bug ?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions