Define max sizes for MAC and signatures
This requires defining a maximum RSA key size, since the RSA key size is the signature size. Enforce the maximum RSA key size when importing or generating a key.
This commit is contained in:
parent
49cee6c582
commit
af3baabd05
2 changed files with 92 additions and 5 deletions
|
@ -42,6 +42,14 @@
|
|||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
/** \def PSA_HASH_MAX_SIZE
|
||||
*
|
||||
* Maximum size of a hash.
|
||||
*
|
||||
* This macro must expand to a compile-time constant integer. This value
|
||||
* should be the maximum size of a hash supported by the implementation,
|
||||
* in bytes, and must be no smaller than this maximum.
|
||||
*/
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define PSA_HASH_MAX_SIZE 64
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
|
||||
|
@ -50,6 +58,81 @@
|
|||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
|
||||
#endif
|
||||
|
||||
/** \def PSA_MAC_MAX_SIZE
|
||||
*
|
||||
* Maximum size of a MAC.
|
||||
*
|
||||
* This macro must expand to a compile-time constant integer. This value
|
||||
* should be the maximum size of a MAC supported by the implementation,
|
||||
* in bytes, and must be no smaller than this maximum.
|
||||
*/
|
||||
/* All non-HMAC MACs have a maximum size that's smaller than the
|
||||
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
|
||||
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
|
||||
|
||||
/* The maximum size of an RSA key on this implementation, in bits.
|
||||
* This is a vendor-specific macro.
|
||||
*
|
||||
* Mbed TLS does not set a hard limit on the size of RSA keys: any key
|
||||
* whose parameters fit in a bignum is accepted. However large keys can
|
||||
* induce a large memory usage and long computation times. Unlike other
|
||||
* auxiliary macros in this file and in crypto.h, which reflect how the
|
||||
* library is configured, this macro defines how the library is
|
||||
* configured. This implementation refuses to import or generate an
|
||||
* RSA key whose size is larger than the value defined here.
|
||||
*
|
||||
* Note that an implementation may set different size limits for different
|
||||
* operations, and does not need to accept all key sizes up to the limit. */
|
||||
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
|
||||
|
||||
/* The maximum size of an ECC key on this implementation, in bits.
|
||||
* This is a vendor-specific macro. */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
|
||||
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
|
||||
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
|
||||
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
|
||||
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
|
||||
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
|
||||
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
|
||||
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
|
||||
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
|
||||
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
|
||||
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
|
||||
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
|
||||
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
|
||||
#else
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
|
||||
#endif
|
||||
|
||||
/** \def PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
|
||||
*
|
||||
* Maximum size of an asymmetric signature.
|
||||
*
|
||||
* This macro must expand to a compile-time constant integer. This value
|
||||
* should be the maximum size of a MAC supported by the implementation,
|
||||
* in bytes, and must be no smaller than this maximum.
|
||||
*/
|
||||
#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
|
||||
PSA_BITS_TO_BYTES( \
|
||||
PSA_VENDOR_RSA_MAX_KEY_BITS > PSA_VENDOR_ECC_MAX_CURVE_BITS ? \
|
||||
PSA_VENDOR_RSA_MAX_KEY_BITS : \
|
||||
PSA_VENDOR_ECC_MAX_CURVE_BITS \
|
||||
)
|
||||
|
||||
|
||||
|
||||
/** The size of the output of psa_mac_finish(), in bytes.
|
||||
*
|
||||
|
|
|
@ -502,7 +502,13 @@ psa_status_t psa_import_key( psa_key_slot_t key,
|
|||
case MBEDTLS_PK_RSA:
|
||||
if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
|
||||
type == PSA_KEY_TYPE_RSA_KEYPAIR )
|
||||
slot->data.rsa = mbedtls_pk_rsa( pk );
|
||||
{
|
||||
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
|
||||
size_t bits = mbedtls_rsa_get_bitlen( rsa );
|
||||
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
slot->data.rsa = rsa;
|
||||
}
|
||||
else
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
break;
|
||||
|
@ -1579,10 +1585,6 @@ psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
|
|||
mac_size, mac_length ) );
|
||||
}
|
||||
|
||||
#define PSA_MAC_MAX_SIZE \
|
||||
( MBEDTLS_MD_MAX_SIZE > MBEDTLS_MAX_BLOCK_LENGTH ? \
|
||||
MBEDTLS_MD_MAX_SIZE : \
|
||||
MBEDTLS_MAX_BLOCK_LENGTH )
|
||||
psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
|
||||
const uint8_t *mac,
|
||||
size_t mac_length )
|
||||
|
@ -2862,6 +2864,8 @@ psa_status_t psa_generate_key( psa_key_slot_t key,
|
|||
mbedtls_rsa_context *rsa;
|
||||
int ret;
|
||||
int exponent = 65537;
|
||||
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
if( parameters != NULL )
|
||||
{
|
||||
const unsigned *p = parameters;
|
||||
|
|
Loading…
Reference in a new issue