From 76336c3e4d0396508f6f5e23f54bc13d854fd863 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 30 Jun 2023 16:48:19 +0100 Subject: [PATCH 1/5] Enforce minimum key size when generating RSA key size Add configuration to enforce minimum size when generating a RSA key, it's default value is 1024 bits since this the minimum secure value currently but it can be any value greater than or equal 128 bits. Tests were modifed to accommodate for this change. Signed-off-by: Waleed Elmelegy --- include/mbedtls/mbedtls_config.h | 9 +++++++++ library/rsa.c | 5 +++++ tests/suites/test_suite_pk.data | 6 +++--- tests/suites/test_suite_pk.function | 8 ++++---- tests/suites/test_suite_psa_crypto.data | 24 ++++++++++++------------ tests/suites/test_suite_rsa.data | 7 +++++++ 6 files changed, 40 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 30e4d13ece..dcd28e9c42 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1335,6 +1335,15 @@ */ //#define MBEDTLS_RSA_NO_CRT +/** + * \def MBEDTLS_RSA_MIN_KEY_SIZE + * + * Minimum RSA key size allowed in bits. + * + * Minimum possible value is 128 bits. + */ +#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 + /** * \def MBEDTLS_SELF_TEST * diff --git a/library/rsa.c b/library/rsa.c index 6a74befe9e..9fd14dbe43 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -550,6 +550,11 @@ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, goto cleanup; } + if (nbits < MBEDTLS_RSA_MIN_KEY_SIZE) { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + /* * find primes P and Q with Q < P so that: * 1. |P-Q| > 2^( nbits / 2 - 100 ) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e84c288513..f1cf5e9416 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -8,9 +8,9 @@ PK write valid parameters depends_on:MBEDTLS_RSA_C valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12" -PK utils: RSA 512-bit +PK utils: RSA 1024-bit depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA" +pk_utils:MBEDTLS_PK_RSA:1024:1024:128:"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -402,7 +402,7 @@ pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_ RSA sign-verify depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME -pk_sign_verify:MBEDTLS_PK_RSA:512:0:0 +pk_sign_verify:MBEDTLS_PK_RSA:1024:0:0 RSA encrypt-decrypt test depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 1519cf598b..bbcad93300 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -21,8 +21,8 @@ /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" -#define RSA_KEY_SIZE 512 -#define RSA_KEY_LEN 64 +#define RSA_KEY_SIZE 1024 +#define RSA_KEY_LEN 128 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) @@ -1198,8 +1198,8 @@ void pk_rsa_alt() mbedtls_rsa_context raw; mbedtls_pk_context rsa, alt; mbedtls_pk_debug_item dbg_items[10]; - unsigned char hash[50], sig[64]; - unsigned char msg[50], ciph[64], test[50]; + unsigned char hash[50], sig[RSA_KEY_LEN]; + unsigned char msg[50], ciph[RSA_KEY_LEN], test[50]; size_t sig_len, ciph_len, test_len; int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f42f073ed6..51e95ec313 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6984,27 +6984,27 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1016 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 0 bits: invalid @@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0 PSA generate key: RSA, default e -generate_key_rsa:512:"":PSA_SUCCESS +generate_key_rsa:1024:"":PSA_SUCCESS PSA generate key: RSA, e=3 -generate_key_rsa:512:"03":PSA_SUCCESS +generate_key_rsa:1024:"03":PSA_SUCCESS PSA generate key: RSA, e=65537 -generate_key_rsa:512:"010001":PSA_SUCCESS +generate_key_rsa:1024:"010001":PSA_SUCCESS PSA generate key: RSA, e=513 -generate_key_rsa:512:"0201":PSA_SUCCESS +generate_key_rsa:1024:"0201":PSA_SUCCESS PSA generate key: RSA, e=1 -generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:1024:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, e=2 -generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:1024:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 9b83a220f0..3df82f5df2 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -386,8 +386,13 @@ RSA Public (Data = 0) mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0 RSA Generate Key - 128bit key +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE == 128 mbedtls_rsa_gen_key:128:3:0 +RSA Generate Key - 128bit key (Less than minimum size) +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE > 128 +mbedtls_rsa_gen_key:128:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + RSA Generate Key (Number of bits too small) mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA @@ -395,9 +400,11 @@ RSA Generate Key (Exponent too small) mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key - 1024 bit key +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 mbedtls_rsa_gen_key:1024:3:0 RSA Generate Key - 2048 bit key +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key From ab5707185a9ef33c5a6126ab8281046b5b81b034 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 5 Jul 2023 16:40:58 +0000 Subject: [PATCH 2/5] Add a minimum rsa key size config to psa config Signed-off-by: Waleed Elmelegy --- include/mbedtls/mbedtls_config.h | 12 +++--------- include/mbedtls/rsa.h | 4 ++++ include/psa/crypto_sizes.h | 12 ++++++++++++ library/psa_crypto.c | 3 +++ tests/suites/test_suite_rsa.data | 15 +++++++-------- 5 files changed, 29 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index dcd28e9c42..49e218c7be 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1335,15 +1335,6 @@ */ //#define MBEDTLS_RSA_NO_CRT -/** - * \def MBEDTLS_RSA_MIN_KEY_SIZE - * - * Minimum RSA key size allowed in bits. - * - * Minimum possible value is 128 bits. - */ -#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 - /** * \def MBEDTLS_SELF_TEST * @@ -3700,6 +3691,9 @@ //#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ +/* RSA OPTIONS */ +//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits)*/ + /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 3d57aa21b7..8045e6b713 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -85,6 +85,10 @@ extern "C" { // Regular implementation // +#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE) +#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 +#endif + /** * \brief The RSA context structure. */ diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8cc965b09f..fd0eeb944a 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -208,6 +208,18 @@ * operations, and does not need to accept all key sizes up to the limit. */ #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096 +/* The minimum size of an RSA key on this implementation, in bits. + * This is a vendor-specific macro. + * + * Limits RSA key generation to a minimum due to security reasons. + * This value cannot be less than 128 bits. + */ +#if defined(MBEDTLS_RSA_MIN_KEY_SIZE) +#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE +#else +#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024 +#endif + /* The maximum size of an DH key on this implementation, in bits. * * Note that an implementation may set different size limits for different diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c890e12b76..4e1f41b044 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7374,6 +7374,9 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) { return PSA_ERROR_NOT_SUPPORTED; } + if (bits < PSA_VENDOR_RSA_MIN_KEY_BITS) { + return PSA_ERROR_NOT_SUPPORTED; + } /* Accept only byte-aligned keys, for the same reasons as * in psa_import_rsa_key(). */ diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 3df82f5df2..f9b668587a 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -385,13 +385,12 @@ mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b RSA Public (Data = 0) mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0 -RSA Generate Key - 128bit key -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE == 128 -mbedtls_rsa_gen_key:128:3:0 +RSA Generate Key (Minimum size key) +mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE:3:0 -RSA Generate Key - 128bit key (Less than minimum size) -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE > 128 -mbedtls_rsa_gen_key:128:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSA Generate Key (Key less than minimum size) +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE > 130 +mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key (Number of bits too small) mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA @@ -407,9 +406,9 @@ RSA Generate Key - 2048 bit key depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 mbedtls_rsa_gen_key:2048:3:0 -RSA Generate Key - 1025 bit key +RSA Generate Key (Odd sized key) # mbedtls_rsa_gen_key only supports even-sized keys -mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Validate Params, toy example mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0 From 3d158f0c2810d8abba6e89f4710a69ce99719464 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 7 Jul 2023 11:48:03 +0000 Subject: [PATCH 3/5] Adapt tests to work on all possible minimum RSA key sizes Signed-off-by: Waleed Elmelegy --- include/mbedtls/mbedtls_config.h | 2 +- tests/scripts/generate_psa_tests.py | 7 ++++++- tests/suites/test_suite_pk.data | 22 +++++++++++----------- tests/suites/test_suite_pk.function | 4 ++-- tests/suites/test_suite_psa_crypto.data | 18 +++++++++--------- tests/suites/test_suite_rsa.data | 2 +- 6 files changed, 30 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 49e218c7be..ab3837e316 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3692,7 +3692,7 @@ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ /* RSA OPTIONS */ -//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits)*/ +//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits) */ /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index cad788461c..edaec92b3c 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -347,9 +347,14 @@ class KeyGenerate: else: generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE') for bits in kt.sizes_to_test(): + if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR': + size_dependency = "PSA_VENDOR_RSA_MIN_KEY_BITS <= " + str(bits) + test_dependencies = generate_dependencies + [size_dependency] + else: + test_dependencies = generate_dependencies yield test_case_for_key_generation( kt.expression, bits, - finish_family_dependencies(generate_dependencies, bits), + finish_family_dependencies(test_dependencies, bits), str(bits), result ) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index f1cf5e9416..258423af41 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -8,9 +8,9 @@ PK write valid parameters depends_on:MBEDTLS_RSA_C valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12" -PK utils: RSA 1024-bit +PK utils: RSA Minimum key depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:1024:1024:128:"RSA" +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:MBEDTLS_RSA_MIN_KEY_SIZE:(MBEDTLS_RSA_MIN_KEY_SIZE/8):"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -401,8 +401,8 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME -pk_sign_verify:MBEDTLS_PK_RSA:1024:0:0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512 +pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:0:0 RSA encrypt-decrypt test depends_on:MBEDTLS_PKCS1_V15 @@ -437,7 +437,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN pk_ec_nocrypt:MBEDTLS_PK_ECDSA RSA_ALT consistency -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512 pk_rsa_alt: Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK) @@ -622,27 +622,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSA,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 PK Sign ext:RSA2048,PK_RSA,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index bbcad93300..3ea9e3d667 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -21,8 +21,8 @@ /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" -#define RSA_KEY_SIZE 1024 -#define RSA_KEY_LEN 128 +#define RSA_KEY_SIZE MBEDTLS_RSA_MIN_KEY_SIZE +#define RSA_KEY_LEN (MBEDTLS_RSA_MIN_KEY_SIZE/8) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 51e95ec313..0b872fcd0f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0 PSA generate key: RSA, default e -generate_key_rsa:1024:"":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"":PSA_SUCCESS PSA generate key: RSA, e=3 -generate_key_rsa:1024:"03":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"03":PSA_SUCCESS PSA generate key: RSA, e=65537 -generate_key_rsa:1024:"010001":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"010001":PSA_SUCCESS PSA generate key: RSA, e=513 -generate_key_rsa:1024:"0201":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"0201":PSA_SUCCESS PSA generate key: RSA, e=1 -generate_key_rsa:1024:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, e=2 -generate_key_rsa:1024:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY @@ -7112,9 +7112,9 @@ PSA generate persistent key: DES, 64 bits, exportable depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY -PSA generate persistent key: RSA, 1024 bits, exportable -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY +PSA generate persistent key: RSA, minimum size key, exportable +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_MIN_KEY_BITS >= 512 +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY PSA generate persistent key: ECC, SECP256R1, exportable depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index f9b668587a..7014399ba7 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -389,7 +389,7 @@ RSA Generate Key (Minimum size key) mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE:3:0 RSA Generate Key (Key less than minimum size) -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE > 130 +depends_on:MBEDTLS_RSA_MIN_KEY_SIZE >= 130 mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key (Number of bits too small) From d7bdbbeb0ae2dd855d0f7659df8158356a7b45ef Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 20 Jul 2023 16:26:58 +0000 Subject: [PATCH 4/5] Improve naming of mimimum RSA key size generation configurations Signed-off-by: Waleed Elmelegy --- ChangeLog.d/enforce-min-RSA-key-size.txt | 3 +++ include/mbedtls/mbedtls_config.h | 6 ++--- include/mbedtls/rsa.h | 6 +++-- include/psa/crypto_sizes.h | 8 +++---- library/psa_crypto.c | 2 +- library/rsa.c | 4 ++-- tests/scripts/generate_psa_tests.py | 2 +- tests/suites/test_suite_pk.data | 20 ++++++++--------- tests/suites/test_suite_pk.function | 4 ++-- tests/suites/test_suite_psa_crypto.data | 28 ++++++++++++------------ tests/suites/test_suite_rsa.data | 12 +++++----- 11 files changed, 50 insertions(+), 45 deletions(-) create mode 100644 ChangeLog.d/enforce-min-RSA-key-size.txt diff --git a/ChangeLog.d/enforce-min-RSA-key-size.txt b/ChangeLog.d/enforce-min-RSA-key-size.txt new file mode 100644 index 0000000000..06cd2a276e --- /dev/null +++ b/ChangeLog.d/enforce-min-RSA-key-size.txt @@ -0,0 +1,3 @@ +Changes + * Enforce minimum RSA key size when generating a key + to avoid accidental misuse. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ab3837e316..28249d3b34 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3691,9 +3691,6 @@ //#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ -/* RSA OPTIONS */ -//#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 /**< Minimum RSA key size allowed in bits (Minimum possible value is 128 bits) */ - /* Entropy options */ //#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */ //#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */ @@ -3784,6 +3781,9 @@ */ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 +/* RSA OPTIONS */ +#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */ + /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 8045e6b713..69f3981ede 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -85,8 +85,10 @@ extern "C" { // Regular implementation // -#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE) -#define MBEDTLS_RSA_MIN_KEY_SIZE 1024 +#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS) +#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 +#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128 +#error "MBEDTLS_RSA_GEN_KEY_MIN_BITS must be at least 128 bits" #endif /** diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index fd0eeb944a..08761778cb 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -211,13 +211,13 @@ /* The minimum size of an RSA key on this implementation, in bits. * This is a vendor-specific macro. * - * Limits RSA key generation to a minimum due to security reasons. + * Limits RSA key generation to a minimum due to avoid accidental misuse. * This value cannot be less than 128 bits. */ -#if defined(MBEDTLS_RSA_MIN_KEY_SIZE) -#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE +#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS) +#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS #else -#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024 +#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024 #endif /* The maximum size of an DH key on this implementation, in bits. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4e1f41b044..1eb6960548 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7374,7 +7374,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) { return PSA_ERROR_NOT_SUPPORTED; } - if (bits < PSA_VENDOR_RSA_MIN_KEY_BITS) { + if (bits < PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS) { return PSA_ERROR_NOT_SUPPORTED; } diff --git a/library/rsa.c b/library/rsa.c index 9fd14dbe43..4955052bea 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -545,12 +545,12 @@ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, mbedtls_mpi_init(&G); mbedtls_mpi_init(&L); - if (nbits < 128 || exponent < 3 || nbits % 2 != 0) { + if (exponent < 3 || nbits % 2 != 0) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } - if (nbits < MBEDTLS_RSA_MIN_KEY_SIZE) { + if (nbits < MBEDTLS_RSA_GEN_KEY_MIN_BITS) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index edaec92b3c..a5a4fd2b00 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -348,7 +348,7 @@ class KeyGenerate: generate_dependencies = fix_key_pair_dependencies(import_dependencies, 'GENERATE') for bits in kt.sizes_to_test(): if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR': - size_dependency = "PSA_VENDOR_RSA_MIN_KEY_BITS <= " + str(bits) + size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits) test_dependencies = generate_dependencies + [size_dependency] else: test_dependencies = generate_dependencies diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 258423af41..84802da772 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -10,7 +10,7 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265 PK utils: RSA Minimum key depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:MBEDTLS_RSA_MIN_KEY_SIZE:(MBEDTLS_RSA_MIN_KEY_SIZE/8):"RSA" +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -401,8 +401,8 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512 -pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_MIN_KEY_SIZE:0:0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512 +pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0 RSA encrypt-decrypt test depends_on:MBEDTLS_PKCS1_V15 @@ -437,7 +437,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN pk_ec_nocrypt:MBEDTLS_PK_ECDSA RSA_ALT consistency -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_MIN_KEY_SIZE >= 512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512 pk_rsa_alt: Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK) @@ -622,27 +622,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSA,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 PK Sign ext:RSA2048,PK_RSA,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3ea9e3d667..881429c2d1 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -21,8 +21,8 @@ /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" -#define RSA_KEY_SIZE MBEDTLS_RSA_MIN_KEY_SIZE -#define RSA_KEY_LEN (MBEDTLS_RSA_MIN_KEY_SIZE/8) +#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS +#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0b872fcd0f..fb583d33f6 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6984,27 +6984,27 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1016 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1016 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 512 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0 PSA generate key: RSA, 0 bits: invalid @@ -7043,22 +7043,22 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_EC generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0 PSA generate key: RSA, default e -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS PSA generate key: RSA, e=3 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"03":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS PSA generate key: RSA, e=65537 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"010001":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS PSA generate key: RSA, e=513 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"0201":PSA_SUCCESS +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS PSA generate key: RSA, e=1 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, e=2 -generate_key_rsa:PSA_VENDOR_RSA_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT +generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good depends_on:PSA_WANT_ALG_FFDH:MBEDTLS_PSA_WANT_KEY_TYPE_DH_KEY_PAIR_LEGACY @@ -7113,8 +7113,8 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY PSA generate persistent key: RSA, minimum size key, exportable -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_MIN_KEY_BITS >= 512 -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512 +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY PSA generate persistent key: ECC, SECP256R1, exportable depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 7014399ba7..0a60f314ed 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -386,11 +386,11 @@ RSA Public (Data = 0) mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0 RSA Generate Key (Minimum size key) -mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE:3:0 +mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS:3:0 RSA Generate Key (Key less than minimum size) -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE >= 130 -mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 130 +mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS-2:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key (Number of bits too small) mbedtls_rsa_gen_key:127:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA @@ -399,16 +399,16 @@ RSA Generate Key (Exponent too small) mbedtls_rsa_gen_key:128:2:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Generate Key - 1024 bit key -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 1024 +depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 1024 mbedtls_rsa_gen_key:1024:3:0 RSA Generate Key - 2048 bit key -depends_on:MBEDTLS_RSA_MIN_KEY_SIZE <= 2048 +depends_on:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key (Odd sized key) # mbedtls_rsa_gen_key only supports even-sized keys -mbedtls_rsa_gen_key:MBEDTLS_RSA_MIN_KEY_SIZE+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_gen_key:MBEDTLS_RSA_GEN_KEY_MIN_BITS+1:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Validate Params, toy example mbedtls_rsa_validate_params:"f":"3":"5":"3":"3":0:0 From d4e7fe09b36b802c44ade701ab9f60de1cbe8ebf Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 2 Aug 2023 16:59:59 +0000 Subject: [PATCH 5/5] Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs Signed-off-by: Waleed Elmelegy --- tests/suites/test_suite_psa_crypto.data | 30 ++++++++++++------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index fb583d33f6..4583c07412 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6932,7 +6932,7 @@ generate_random:2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1 PSA generate key: bad type (RSA public key) depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 +generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: raw data, 0 bits: invalid argument # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED @@ -6983,13 +6983,13 @@ PSA generate key: invalid key size: AES, 64 bits depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES generate_key:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0 -PSA generate key: RSA, 512 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 +PSA generate key: RSA, minimum allowed key size, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS > 128 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 -PSA generate key: RSA, 1016 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1016 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1016:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 +PSA generate key: RSA, 1032 bits, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1032 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1032:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, sign (PSS SHA-256) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 @@ -6999,9 +6999,9 @@ PSA generate key: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0 -PSA generate key: RSA, 512 bits, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 512 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 +PSA generate key: RSA, minimum allowed key size, good, encrypt (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 256:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256) depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024 @@ -7012,17 +7012,17 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERA # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0 -PSA generate key: RSA, 1022 bits: not supported +PSA generate key: RSA, size not multiple of 8: not supported depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1022:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 62:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 -PSA generate key: RSA, 1023 bits: not supported +PSA generate key: RSA, size not multiple of 2: not supported depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1023:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 63:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: RSA, maximum size exceeded depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: ECC, SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256