Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enforce minimum key size when generating RSA key size #7864

Merged
merged 5 commits into from
Aug 3, 2023
Merged

Enforce minimum key size when generating RSA key size #7864

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
76336c3
Enforce minimum key size when generating RSA key size
waleed-elmelegy-arm Jun 30, 2023
ab57071
Add a minimum rsa key size config to psa config
waleed-elmelegy-arm Jul 5, 2023
3d158f0
Adapt tests to work on all possible minimum RSA key sizes
waleed-elmelegy-arm Jul 7, 2023
d7bdbbe
Improve naming of mimimum RSA key size generation configurations
waleed-elmelegy-arm Jul 20, 2023
d4e7fe0
Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs
waleed-elmelegy-arm Aug 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions ChangeLog.d/enforce-min-RSA-key-size.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Changes
* Enforce minimum RSA key size when generating a key
to avoid accidental misuse.
3 changes: 3 additions & 0 deletions include/mbedtls/mbedtls_config.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3781,6 +3781,9 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32

/* RSA OPTIONS */
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */

/* SSL Cache options */
//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
Expand Down
6 changes: 6 additions & 0 deletions include/mbedtls/rsa.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,12 @@ extern "C" {
// Regular implementation
//

#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits"
#endif

/**
* \brief The RSA context structure.
*/
Expand Down
12 changes: 12 additions & 0 deletions include/psa/crypto_sizes.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -208,6 +208,18 @@
* operations, and does not need to accept all key sizes up to the limit. */
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096

/* The minimum size of an RSA key on this implementation, in bits.
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
* This is a vendor-specific macro.
*
* Limits RSA key generation to a minimum due to avoid accidental misuse.
* This value cannot be less than 128 bits.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not actually enforced when RSA key generation goes through a driver. I'm not sure we need to enforce it. If we do, we could do it with #if … > 128 #error.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

*/
#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
#else
#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
#endif

/* The maximum size of an DH key on this implementation, in bits.
*
* Note that an implementation may set different size limits for different
Expand Down
3 changes: 3 additions & 0 deletions library/psa_crypto.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7374,6 +7374,9 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation(
if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
return PSA_ERROR_NOT_SUPPORTED;
}
if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) {
return PSA_ERROR_NOT_SUPPORTED;
}

/* Accept only byte-aligned keys, for the same reasons as
* in psa_import_rsa_key(). */
Expand Down
7 changes: 6 additions & 1 deletion library/rsa.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -545,7 +545,12 @@ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
mbedtls_mpi_init(&G);
mbedtls_mpi_init(&L);

if (nbits < 128 || exponent < 3 || nbits % 2 != 0) {
if (exponent < 3 || nbits % 2 != 0) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
}

if (nbits < MBEDTLS_RSA_GEN_KEY_MIN_BITS) {
ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
goto cleanup;
}
Expand Down
7 changes: 6 additions & 1 deletion tests/scripts/generate_psa_tests.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,9 +347,14 @@ def test_cases_for_key_type_key_generation(
else:
generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE')
for bits in kt.sizes_to_test():
if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
test_dependencies = generate_dependencies + [size_dependency]
else:
test_dependencies = generate_dependencies
yield test_case_for_key_generation(
kt.expression, bits,
finish_family_dependencies(generate_dependencies, bits),
finish_family_dependencies(test_dependencies, bits),
str(bits),
result
)
Expand Down
22 changes: 11 additions & 11 deletions tests/suites/test_suite_pk.data
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,9 @@ PK write valid parameters
depends_on:MBEDTLS_RSA_C
valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12"

PK utils: RSA 512-bit
PK utils: RSA Minimum key
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA"

PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
Expand Down Expand Up @@ -401,8 +401,8 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH

RSA sign-verify
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
pk_sign_verify:MBEDTLS_PK_RSA:512:0:0
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0

RSA encrypt-decrypt test
depends_on:MBEDTLS_PKCS1_V15
Expand Down Expand Up @@ -437,7 +437,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN
pk_ec_nocrypt:MBEDTLS_PK_ECDSA

RSA_ALT consistency
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
pk_rsa_alt:

Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK)
Expand Down Expand Up @@ -622,27 +622,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C
pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024

PK Sign ext:RSA2048,PK_RSA,MD_SHA256
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256

PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256

PK Sign ext:RSA2048,PK_RSA,MD_SHA384
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384

PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384

PK Sign ext:RSA2048,PK_RSA,MD_SHA512
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512

PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512

PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256
Expand Down
8 changes: 4 additions & 4 deletions tests/suites/test_suite_pk.function
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@
/* Used for properly sizing the key buffer in pk_genkey_ec() */
#include "psa_util_internal.h"

#define RSA_KEY_SIZE 512
#define RSA_KEY_LEN 64
#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS
#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8)

#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
Expand Down Expand Up @@ -1198,8 +1198,8 @@ void pk_rsa_alt()
mbedtls_rsa_context raw;
mbedtls_pk_context rsa, alt;
mbedtls_pk_debug_item dbg_items[10];
unsigned char hash[50], sig[64];
unsigned char msg[50], ciph[64], test[50];
unsigned char hash[50], sig[RSA_KEY_LEN];
unsigned char msg[50], ciph[RSA_KEY_LEN], test[50];
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;

Expand Down
30 changes: 15 additions & 15 deletions tests/suites/test_suite_psa_crypto.data
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6984,27 +6984,27 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved

gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5)
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0

PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5)
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1016
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0

PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0

PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0

PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5)
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-blocker: why PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because of this line:
unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; in psa_exercise_key.c:378
the output size is not enough for the output.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I see. The hard-coded sizes are probably back from before there were proper macros for buffer sizes. I've filed #8031 to remember about it. It's not urgent.

generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0

PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0

gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
gilles-peskine-arm marked this conversation as resolved.
Show resolved Hide resolved
PSA generate key: RSA, 0 bits: invalid
Expand Down Expand Up @@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0

PSA generate key: RSA, default e
generate_key_rsa:512:"":PSA_SUCCESS
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS

PSA generate key: RSA, e=3
generate_key_rsa:512:"03":PSA_SUCCESS
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS

PSA generate key: RSA, e=65537
generate_key_rsa:512:"010001":PSA_SUCCESS
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS

PSA generate key: RSA, e=513
generate_key_rsa:512:"0201":PSA_SUCCESS
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS

PSA generate key: RSA, e=1
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT

PSA generate key: RSA, e=2
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT

PSA generate key: FFDH, 2048 bits, good
depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY
Expand Down Expand Up @@ -7112,9 +7112,9 @@ PSA generate persistent key: DES, 64 bits, exportable
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY

PSA generate persistent key: RSA, 1024 bits, exportable
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY
PSA generate persistent key: RSA, minimum size key, exportable
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512
persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY

PSA generate persistent key: ECC, SECP256R1, exportable
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C
Expand Down
14 changes: 10 additions & 4 deletions tests/suites/test_suite_rsa.data
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -385,8 +385,12 @@ mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b
RSA Public (Data = 0)
mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0

RSA Generate Key - 128bit key
mbedtls_rsa_gen_key:128:3:0
RSA Generate Key (Minimum size key)
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS:3:0

RSA Generate Key (Key less than minimum size)
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 130
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA

RSA Generate Key (Number of bits too small)
mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
Expand All @@ -395,14 +399,16 @@ RSA Generate Key (Exponent too small)
mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA

RSA Generate Key - 1024 bit key
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 1024
mbedtls_rsa_gen_key:1024:3:0

RSA Generate Key - 2048 bit key
depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
mbedtls_rsa_gen_key:2048:3:0

RSA Generate Key - 1025 bit key
RSA Generate Key (Odd sized key)
# mbedtls_rsa_gen_key only supports even-sized keys
mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA

RSA Validate Params, toy example
mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0
Expand Down