Define max sizes for MAC and signatures

This requires defining a maximum RSA key size, since the RSA key size
is the signature size. Enforce the maximum RSA key size when importing
or generating a key.
This commit is contained in:
Gilles Peskine 2018-06-27 22:55:52 +02:00 committed by itayzafrir
parent 49cee6c582
commit af3baabd05
2 changed files with 92 additions and 5 deletions

View file

@ -42,6 +42,14 @@
#include MBEDTLS_CONFIG_FILE
#endif
/** \def PSA_HASH_MAX_SIZE
*
* Maximum size of a hash.
*
* This macro must expand to a compile-time constant integer. This value
* should be the maximum size of a hash supported by the implementation,
* in bytes, and must be no smaller than this maximum.
*/
#if defined(MBEDTLS_SHA512_C)
#define PSA_HASH_MAX_SIZE 64
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
@ -50,6 +58,81 @@
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
#endif
/** \def PSA_MAC_MAX_SIZE
*
* Maximum size of a MAC.
*
* This macro must expand to a compile-time constant integer. This value
* should be the maximum size of a MAC supported by the implementation,
* in bytes, and must be no smaller than this maximum.
*/
/* All non-HMAC MACs have a maximum size that's smaller than the
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
/* The maximum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
*
* Mbed TLS does not set a hard limit on the size of RSA keys: any key
* whose parameters fit in a bignum is accepted. However large keys can
* induce a large memory usage and long computation times. Unlike other
* auxiliary macros in this file and in crypto.h, which reflect how the
* library is configured, this macro defines how the library is
* configured. This implementation refuses to import or generate an
* RSA key whose size is larger than the value defined here.
*
* Note that an implementation may set different size limits for different
* operations, and does not need to accept all key sizes up to the limit. */
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
#else
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
#endif
/** \def PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
*
* Maximum size of an asymmetric signature.
*
* This macro must expand to a compile-time constant integer. This value
* should be the maximum size of a MAC supported by the implementation,
* in bytes, and must be no smaller than this maximum.
*/
#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
PSA_BITS_TO_BYTES( \
PSA_VENDOR_RSA_MAX_KEY_BITS > PSA_VENDOR_ECC_MAX_CURVE_BITS ? \
PSA_VENDOR_RSA_MAX_KEY_BITS : \
PSA_VENDOR_ECC_MAX_CURVE_BITS \
)
/** The size of the output of psa_mac_finish(), in bytes.
*

View file

@ -502,7 +502,13 @@ psa_status_t psa_import_key( psa_key_slot_t key,
case MBEDTLS_PK_RSA:
if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
type == PSA_KEY_TYPE_RSA_KEYPAIR )
slot->data.rsa = mbedtls_pk_rsa( pk );
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
size_t bits = mbedtls_rsa_get_bitlen( rsa );
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
return( PSA_ERROR_NOT_SUPPORTED );
slot->data.rsa = rsa;
}
else
status = PSA_ERROR_INVALID_ARGUMENT;
break;
@ -1579,10 +1585,6 @@ psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
mac_size, mac_length ) );
}
#define PSA_MAC_MAX_SIZE \
( MBEDTLS_MD_MAX_SIZE > MBEDTLS_MAX_BLOCK_LENGTH ? \
MBEDTLS_MD_MAX_SIZE : \
MBEDTLS_MAX_BLOCK_LENGTH )
psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
@ -2862,6 +2864,8 @@ psa_status_t psa_generate_key( psa_key_slot_t key,
mbedtls_rsa_context *rsa;
int ret;
int exponent = 65537;
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
return( PSA_ERROR_NOT_SUPPORTED );
if( parameters != NULL )
{
const unsigned *p = parameters;