Skip to content

Commit

Permalink
Improve naming of mimimum RSA key size generation configurations
Browse files Browse the repository at this point in the history
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
  • Loading branch information
waleed-elmelegy-arm committed Jul 27, 2023
1 parent 3d158f0 commit d7bdbbe
Show file tree
Hide file tree
Showing 11 changed files with 50 additions and 45 deletions.
3 changes: 3 additions & 0 deletions ChangeLog.d/enforce-min-RSA-key-size.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Changes
* Enforce minimum RSA key size when generating a key
to avoid accidental misuse.
6 changes: 3 additions & 3 deletions include/mbedtls/mbedtls_config.h
Original file line number Diff line number Diff line change
Expand Up @@ -3691,9 +3691,6 @@
//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */

/* RSA OPTIONS */
//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits) */

/* Entropy options */
//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
Expand Down Expand Up @@ -3784,6 +3781,9 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32

/* RSA OPTIONS */
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */

/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
Expand Down
6 changes: 4 additions & 2 deletions include/mbedtls/rsa.h
Original file line number Diff line number Diff line change
Expand Up @@ -85,8 +85,10 @@ extern "C" {
// Regular implementation
//

#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE)
#define MBEDTLS_RSA_MIN_KEY_SIZE 1024
#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits"
#endif

/**
Expand Down
8 changes: 4 additions & 4 deletions include/psa/crypto_sizes.h
Original file line number Diff line number Diff line change
Expand Up @@ -211,13 +211,13 @@
/* The minimum size of an RSA key on this implementation, in bits.
* This is a vendor-specific macro.
*
* Limits RSA key generation to a minimum due to security reasons.
* Limits RSA key generation to a minimum due to avoid accidental misuse.
* This value cannot be less than 128 bits.
*/
#if defined(MBEDTLS_RSA_MIN_KEY_SIZE)
#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE
#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
#else
#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024
#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
#endif

/* The maximum size of an DH key on this implementation, in bits.
Expand Down
2 changes: 1 addition & 1 deletion library/psa_crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -7374,7 +7374,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation(
if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
return PSA_ERROR_NOT_SUPPORTED;
}
if (bits < PSA_VENDOR_RSA_MIN_KEY_BITS) {
if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) {
return PSA_ERROR_NOT_SUPPORTED;
}

Expand Down
4 changes: 2 additions & 2 deletions library/rsa.c
Original file line number Diff line number Diff line change
Expand Up @@ -545,12 +545,12 @@ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
mbedtls_mpi_init(&G);
mbedtls_mpi_init(&L);

if (nbits < 128 || exponent < 3 || nbits % 2 != 0) {
if (exponent < 3 || nbits % 2 != 0) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}

if (nbits < MBEDTLS_RSA_MIN_KEY_SIZE) {
if (nbits < MBEDTLS_RSA_GEN_KEY_MIN_BITS) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}
Expand Down
2 changes: 1 addition & 1 deletion tests/scripts/generate_psa_tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -348,7 +348,7 @@ def test_cases_for_key_type_key_generation(
generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
for bits in kt.sizes_to_test():
if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
size_dependency = "PSA_VENDOR_RSA_MIN_KEY_BITS <= " + str(bits)
size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
test_dependencies = generate_dependencies + [size_dependency]
else:
test_dependencies = generate_dependencies
Expand Down
20 changes: 10 additions & 10 deletions tests/suites/test_suite_pk.data
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265

PK utils: RSA Minimum key
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:MBEDTLS_RSA_MIN_KEY_SIZE:(MBEDTLS_RSA_MIN_KEY_SIZE/8):"RSA"
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA"

PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
Expand Down Expand Up @@ -401,8 +401,8 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH

RSA sign-verify
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:0:0
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0

RSA encrypt-decrypt test
depends_on:MBEDTLS_PKCS1_V15
Expand Down Expand Up @@ -437,7 +437,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_ec_nocrypt:MBEDTLS_PK_ECDSA

RSA_ALT consistency
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
pk_rsa_alt:

Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK)
Expand Down Expand Up @@ -622,27 +622,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C
pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024

PK Sign ext:RSA2048,PK_RSA,MD_SHA256
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256

PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256

PK Sign ext:RSA2048,PK_RSA,MD_SHA384
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384

PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384

PK Sign ext:RSA2048,PK_RSA,MD_SHA512
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512

PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512

PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
Expand Down
4 changes: 2 additions & 2 deletions tests/suites/test_suite_pk.function
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@
/* Used for properly sizing the key buffer in pk_genkey_ec() */
#include "psa_util_internal.h"

#define RSA_KEY_SIZE MBEDTLS_RSA_MIN_KEY_SIZE
#define RSA_KEY_LEN (MBEDTLS_RSA_MIN_KEY_SIZE/8)
#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS
#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8)

#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
Expand Down
28 changes: 14 additions & 14 deletions tests/suites/test_suite_psa_crypto.data
Original file line number Diff line number Diff line change
Expand Up @@ -6984,27 +6984,27 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0

PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0

PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1016
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1016
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0

PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0

PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0

PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0

PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0

PSA generate key: RSA, 0 bits: invalid
Expand Down Expand Up @@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0

PSA generate key: RSA, default e
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"":PSA_SUCCESS
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS

PSA generate key: RSA, e=3
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"03":PSA_SUCCESS
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS

PSA generate key: RSA, e=65537
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"010001":PSA_SUCCESS
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS

PSA generate key: RSA, e=513
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"0201":PSA_SUCCESS
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS

PSA generate key: RSA, e=1
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT

PSA generate key: RSA, e=2
generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT

PSA generate key: FFDH, 2048 bits, good
depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY
Expand Down Expand Up @@ -7113,8 +7113,8 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY

PSA generate persistent key: RSA, minimum size key, exportable
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_MIN_KEY_BITS >= 512
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY

PSA generate persistent key: ECC, SECP256R1, exportable
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
Expand Down
12 changes: 6 additions & 6 deletions tests/suites/test_suite_rsa.data
Original file line number Diff line number Diff line change
Expand Up @@ -386,11 +386,11 @@ RSA Public (Data = 0)
mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0

RSA Generate Key (Minimum size key)
mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE:3:0
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS:3:0

RSA Generate Key (Key less than minimum size)
depends_on:MBEDTLS_RSA_MIN_KEY_SIZE >= 130
mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 130
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA

RSA Generate Key (Number of bits too small)
mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
Expand All @@ -399,16 +399,16 @@ RSA Generate Key (Exponent too small)
mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA

RSA Generate Key - 1024 bit key
depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 1024
mbedtls_rsa_gen_key:1024:3:0

RSA Generate Key - 2048 bit key
depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
mbedtls_rsa_gen_key:2048:3:0

RSA Generate Key (Odd sized key)
# mbedtls_rsa_gen_key only supports even-sized keys
mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA

RSA Validate Params, toy example
mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0
Expand Down

0 comments on commit d7bdbbe

Please sign in to comment.