Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size
Enforce minimum key size when generating RSA key size
This commit is contained in:
commit
6f80ac4979
11 changed files with 91 additions and 48 deletions
3
ChangeLog.d/enforce-min-RSA-key-size.txt
Normal file
3
ChangeLog.d/enforce-min-RSA-key-size.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Changes
|
||||
* Enforce minimum RSA key size when generating a key
|
||||
to avoid accidental misuse.
|
|
@ -3781,6 +3781,9 @@
|
|||
*/
|
||||
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
|
||||
|
||||
/* RSA OPTIONS */
|
||||
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
|
||||
|
||||
/* SSL Cache options */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
|
||||
|
|
|
@ -85,6 +85,12 @@ extern "C" {
|
|||
// Regular implementation
|
||||
//
|
||||
|
||||
#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
|
||||
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
|
||||
#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
|
||||
#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits"
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief The RSA context structure.
|
||||
*/
|
||||
|
|
|
@ -208,6 +208,18 @@
|
|||
* operations, and does not need to accept all key sizes up to the limit. */
|
||||
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
|
||||
|
||||
/* The minimum size of an RSA key on this implementation, in bits.
|
||||
* This is a vendor-specific macro.
|
||||
*
|
||||
* Limits RSA key generation to a minimum due to avoid accidental misuse.
|
||||
* This value cannot be less than 128 bits.
|
||||
*/
|
||||
#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
|
||||
#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
|
||||
#else
|
||||
#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
|
||||
#endif
|
||||
|
||||
/* The maximum size of an DH key on this implementation, in bits.
|
||||
*
|
||||
* Note that an implementation may set different size limits for different
|
||||
|
|
|
@ -7364,6 +7364,9 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation(
|
|||
if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) {
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/* Accept only byte-aligned keys, for the same reasons as
|
||||
* in psa_import_rsa_key(). */
|
||||
|
|
|
@ -545,7 +545,12 @@ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
|
|||
mbedtls_mpi_init(&G);
|
||||
mbedtls_mpi_init(&L);
|
||||
|
||||
if (nbits < 128 || exponent < 3 || nbits % 2 != 0) {
|
||||
if (exponent < 3 || nbits % 2 != 0) {
|
||||
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (nbits < MBEDTLS_RSA_GEN_KEY_MIN_BITS) {
|
||||
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
|
|
@ -340,9 +340,14 @@ class KeyGenerate:
|
|||
else:
|
||||
generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
|
||||
for bits in kt.sizes_to_test():
|
||||
if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
|
||||
size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
|
||||
test_dependencies = generate_dependencies + [size_dependency]
|
||||
else:
|
||||
test_dependencies = generate_dependencies
|
||||
yield test_case_for_key_generation(
|
||||
kt.expression, bits,
|
||||
finish_family_dependencies(generate_dependencies, bits),
|
||||
finish_family_dependencies(test_dependencies, bits),
|
||||
str(bits),
|
||||
result
|
||||
)
|
||||
|
|
|
@ -8,9 +8,9 @@ PK write valid parameters
|
|||
depends_on:MBEDTLS_RSA_C
|
||||
valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12"
|
||||
|
||||
PK utils: RSA 512-bit
|
||||
PK utils: RSA Minimum key
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
|
||||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA"
|
||||
|
||||
PK utils: ECKEY SECP192R1
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
|
@ -401,8 +401,8 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
|||
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
RSA sign-verify
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:512:0:0
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0
|
||||
|
||||
RSA encrypt-decrypt test
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
|
@ -437,7 +437,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN
|
|||
pk_ec_nocrypt:MBEDTLS_PK_ECDSA
|
||||
|
||||
RSA_ALT consistency
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
|
||||
pk_rsa_alt:
|
||||
|
||||
Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK)
|
||||
|
@ -622,27 +622,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C
|
|||
pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSA,MD_SHA256
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSA,MD_SHA384
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSA,MD_SHA512
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
|
||||
|
||||
PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
|
||||
|
|
|
@ -21,8 +21,8 @@
|
|||
/* Used for properly sizing the key buffer in pk_genkey_ec() */
|
||||
#include "psa_util_internal.h"
|
||||
|
||||
#define RSA_KEY_SIZE 512
|
||||
#define RSA_KEY_LEN 64
|
||||
#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS
|
||||
#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8)
|
||||
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
||||
static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
|
||||
|
@ -1198,8 +1198,8 @@ void pk_rsa_alt()
|
|||
mbedtls_rsa_context raw;
|
||||
mbedtls_pk_context rsa, alt;
|
||||
mbedtls_pk_debug_item dbg_items[10];
|
||||
unsigned char hash[50], sig[64];
|
||||
unsigned char msg[50], ciph[64], test[50];
|
||||
unsigned char hash[50], sig[RSA_KEY_LEN];
|
||||
unsigned char msg[50], ciph[RSA_KEY_LEN], test[50];
|
||||
size_t sig_len, ciph_len, test_len;
|
||||
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
||||
|
||||
|
|
|
@ -6932,7 +6932,7 @@ generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1
|
|||
|
||||
PSA generate key: bad type (RSA public key)
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
||||
generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA generate key: raw data, 0 bits: invalid argument
|
||||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
|
@ -6983,28 +6983,28 @@ PSA generate key: invalid key size: AES, 64 bits
|
|||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
||||
generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
|
||||
PSA generate key: RSA, minimum allowed key size, good, sign (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS > 128
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
|
||||
PSA generate key: RSA, 1032 bits, good, sign (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1032
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1032:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256)
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256)
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
|
||||
PSA generate key: RSA, minimum allowed key size, good, encrypt (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 256:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
|
||||
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 0 bits: invalid
|
||||
|
@ -7012,17 +7012,17 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERA
|
|||
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA generate key: RSA, 1022 bits: not supported
|
||||
PSA generate key: RSA, size not multiple of 8: not supported
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 62:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
|
||||
|
||||
PSA generate key: RSA, 1023 bits: not supported
|
||||
PSA generate key: RSA, size not multiple of 2: not supported
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 63:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
|
||||
|
||||
PSA generate key: RSA, maximum size exceeded
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
|
||||
|
||||
PSA generate key: ECC, SECP256R1, good
|
||||
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
|
||||
|
@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC
|
|||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, default e
|
||||
generate_key_rsa:512:"":PSA_SUCCESS
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=3
|
||||
generate_key_rsa:512:"03":PSA_SUCCESS
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=65537
|
||||
generate_key_rsa:512:"010001":PSA_SUCCESS
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=513
|
||||
generate_key_rsa:512:"0201":PSA_SUCCESS
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=1
|
||||
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key: RSA, e=2
|
||||
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key: FFDH, 2048 bits, good
|
||||
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
|
||||
|
@ -7112,9 +7112,9 @@ PSA generate persistent key: DES, 64 bits, exportable
|
|||
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: RSA, 1024 bits, exportable
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
|
||||
PSA generate persistent key: RSA, minimum size key, exportable
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: ECC, SECP256R1, exportable
|
||||
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
|
|
|
@ -385,8 +385,12 @@ mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b
|
|||
RSA Public (Data = 0)
|
||||
mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
|
||||
|
||||
RSA Generate Key - 128bit key
|
||||
mbedtls_rsa_gen_key:128:3:0
|
||||
RSA Generate Key (Minimum size key)
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS:3:0
|
||||
|
||||
RSA Generate Key (Key less than minimum size)
|
||||
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 130
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA Generate Key (Number of bits too small)
|
||||
mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
@ -395,14 +399,16 @@ RSA Generate Key (Exponent too small)
|
|||
mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA Generate Key - 1024 bit key
|
||||
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 1024
|
||||
mbedtls_rsa_gen_key:1024:3:0
|
||||
|
||||
RSA Generate Key - 2048 bit key
|
||||
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
mbedtls_rsa_gen_key:2048:3:0
|
||||
|
||||
RSA Generate Key - 1025 bit key
|
||||
RSA Generate Key (Odd sized key)
|
||||
# mbedtls_rsa_gen_key only supports even-sized keys
|
||||
mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA Validate Params, toy example
|
||||
mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0
|
||||
|
|
Loading…
Reference in a new issue