Improve naming of mimimum RSA key size generation configurations
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This commit is contained in:
Waleed Elmelegy
parent
3d158f0c28
commit
d7bdbbeb0a
11 changed files with 50 additions and 45 deletions
3
ChangeLog.d/enforce-min-RSA-key-size.txt
Normal file
3
ChangeLog.d/enforce-min-RSA-key-size.txt
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
Changes
|
||||
* Enforce minimum RSA key size when generating a key
|
||||
to avoid accidental misuse.
|
||||
|
|
@ -3691,9 +3691,6 @@
|
|||
//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
|
||||
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
|
||||
|
||||
/* RSA OPTIONS */
|
||||
//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits) */
|
||||
|
||||
/* Entropy options */
|
||||
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
|
||||
//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
|
||||
|
|
@ -3784,6 +3781,9 @@
|
|||
*/
|
||||
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
|
||||
|
||||
/* RSA OPTIONS */
|
||||
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
|
||||
|
||||
/* SSL Cache options */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
|
||||
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
|
||||
|
|
|
|||
|
|
@ -85,8 +85,10 @@ extern "C" {
|
|||
// Regular implementation
|
||||
//
|
||||
|
||||
#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE)
|
||||
#define MBEDTLS_RSA_MIN_KEY_SIZE 1024
|
||||
#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
|
||||
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
|
||||
#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
|
||||
#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits"
|
||||
#endif
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -211,13 +211,13 @@
|
|||
/* The minimum size of an RSA key on this implementation, in bits.
|
||||
* This is a vendor-specific macro.
|
||||
*
|
||||
* Limits RSA key generation to a minimum due to security reasons.
|
||||
* Limits RSA key generation to a minimum due to avoid accidental misuse.
|
||||
* This value cannot be less than 128 bits.
|
||||
*/
|
||||
#if defined(MBEDTLS_RSA_MIN_KEY_SIZE)
|
||||
#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE
|
||||
#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
|
||||
#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
|
||||
#else
|
||||
#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024
|
||||
#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
|
||||
#endif
|
||||
|
||||
/* The maximum size of an DH key on this implementation, in bits.
|
||||
|
|
|
|||
|
|
@ -7374,7 +7374,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation(
|
|||
if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
if (bits < PSA_VENDOR_RSA_MIN_KEY_BITS) {
|
||||
if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) {
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -545,12 +545,12 @@ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
|
|||
mbedtls_mpi_init(&G);
|
||||
mbedtls_mpi_init(&L);
|
||||
|
||||
if (nbits < 128 || exponent < 3 || nbits % 2 != 0) {
|
||||
if (exponent < 3 || nbits % 2 != 0) {
|
||||
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (nbits < MBEDTLS_RSA_MIN_KEY_SIZE) {
|
||||
if (nbits < MBEDTLS_RSA_GEN_KEY_MIN_BITS) {
|
||||
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -348,7 +348,7 @@ class KeyGenerate:
|
|||
generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
|
||||
for bits in kt.sizes_to_test():
|
||||
if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
|
||||
size_dependency = "PSA_VENDOR_RSA_MIN_KEY_BITS <= " + str(bits)
|
||||
size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
|
||||
test_dependencies = generate_dependencies + [size_dependency]
|
||||
else:
|
||||
test_dependencies = generate_dependencies
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265
|
|||
|
||||
PK utils: RSA Minimum key
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:MBEDTLS_RSA_MIN_KEY_SIZE:(MBEDTLS_RSA_MIN_KEY_SIZE/8):"RSA"
|
||||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA"
|
||||
|
||||
PK utils: ECKEY SECP192R1
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
|
|
@ -401,8 +401,8 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
|||
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
RSA sign-verify
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:0:0
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0
|
||||
|
||||
RSA encrypt-decrypt test
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
|
|
@ -437,7 +437,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN
|
|||
pk_ec_nocrypt:MBEDTLS_PK_ECDSA
|
||||
|
||||
RSA_ALT consistency
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
|
||||
pk_rsa_alt:
|
||||
|
||||
Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK)
|
||||
|
|
@ -622,27 +622,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C
|
|||
pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSA,MD_SHA256
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSA,MD_SHA384
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSA,MD_SHA512
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
|
||||
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
|
||||
|
||||
PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
|
||||
|
||||
PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
|
||||
|
|
|
|||
|
|
@ -21,8 +21,8 @@
|
|||
/* Used for properly sizing the key buffer in pk_genkey_ec() */
|
||||
#include "psa_util_internal.h"
|
||||
|
||||
#define RSA_KEY_SIZE MBEDTLS_RSA_MIN_KEY_SIZE
|
||||
#define RSA_KEY_LEN (MBEDTLS_RSA_MIN_KEY_SIZE/8)
|
||||
#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS
|
||||
#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8)
|
||||
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
||||
static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
|
||||
|
|
|
|||
|
|
@ -6984,27 +6984,27 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
|||
generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0
|
||||
|
||||
PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1016
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1016
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256)
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256)
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5)
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
|
||||
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024
|
||||
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
|
||||
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, 0 bits: invalid
|
||||
|
|
@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC
|
|||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0
|
||||
|
||||
PSA generate key: RSA, default e
|
||||
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"":PSA_SUCCESS
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=3
|
||||
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"03":PSA_SUCCESS
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=65537
|
||||
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"010001":PSA_SUCCESS
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=513
|
||||
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"0201":PSA_SUCCESS
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS
|
||||
|
||||
PSA generate key: RSA, e=1
|
||||
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key: RSA, e=2
|
||||
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA generate key: FFDH, 2048 bits, good
|
||||
depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY
|
||||
|
|
@ -7113,8 +7113,8 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_
|
|||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: RSA, minimum size key, exportable
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_MIN_KEY_BITS >= 512
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
|
||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512
|
||||
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
|
||||
|
||||
PSA generate persistent key: ECC, SECP256R1, exportable
|
||||
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
|
|
|
|||
|
|
@ -386,11 +386,11 @@ RSA Public (Data = 0)
|
|||
mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
|
||||
|
||||
RSA Generate Key (Minimum size key)
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE:3:0
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS:3:0
|
||||
|
||||
RSA Generate Key (Key less than minimum size)
|
||||
depends_on:MBEDTLS_RSA_MIN_KEY_SIZE >= 130
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 130
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA Generate Key (Number of bits too small)
|
||||
mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
|
@ -399,16 +399,16 @@ RSA Generate Key (Exponent too small)
|
|||
mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA Generate Key - 1024 bit key
|
||||
depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024
|
||||
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 1024
|
||||
mbedtls_rsa_gen_key:1024:3:0
|
||||
|
||||
RSA Generate Key - 2048 bit key
|
||||
depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
|
||||
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
|
||||
mbedtls_rsa_gen_key:2048:3:0
|
||||
|
||||
RSA Generate Key (Odd sized key)
|
||||
# mbedtls_rsa_gen_key only supports even-sized keys
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA Validate Params, toy example
|
||||
mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0
|
||||
|
|
|
|||
Loading…
Reference in a new issue