jvm-ibp2p vulnerable to attack using large RSA keys（vulnerability）

### Summary

There is no length limit for RSA keys, and a malicious node can exploit large RSA keys to launch a resource exhaustion attack.
A malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key.
there is a similar [problem](https://github.com/advisories/GHSA-876p-8259-xjgg)
The relevant codes are in [file1](https://github.com/libp2p/jvm-libp2p/blob/e7ae1b604be135c693e641b981e3055737169814/libp2p/src/main/kotlin/io/libp2p/crypto/keys/Rsa.kt#L96)(RSA key generation and parsing functions）




### Expected behavior

refuse large rsa key

### Actual behavior

There is no length limit for RSA keys.

### Relevant log output

```shell

```

### Possible Solution


The vulnerability can be fixed by restricting the length of RSA keys. it is similar to [this](https://github.com/libp2p/go-libp2p/pull/2454/files).
The fix could be to limit the RSAkeys length.

### Version

untiltthe latest version and master are  still affected

### Would you like to work on fixing this bug ?

Yes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

jvm-ibp2p vulnerable to attack using large RSA keys（vulnerability） #409

Summary

Expected behavior

Actual behavior

Relevant log output

Possible Solution

Version

Would you like to work on fixing this bug ?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

jvm-ibp2p vulnerable to attack using large RSA keys（vulnerability） #409

Description

Summary

Expected behavior

Actual behavior

Relevant log output

Possible Solution

Version

Would you like to work on fixing this bug ?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions