TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / 8a86a00a64492d1aab86950d664d09addbf13c9d^! / . / components
commit8a86a00a64492d1aab86950d664d09addbf13c9d[log] [tgz]
authorImre Kis <imre.kis@arm.com>Mon Jan 22 15:43:11 2024 +0100
committerKis Imre <imre.kis@arm.com>Thu Jan 25 17:30:29 2024 +0100
tree6157822cae2ebeffdefece2acd5b131f2cad6e12
parent3874ab4c91e25fed985f6480025f357d64b33915 [diff]
Update Mbed TLS to 3.5.1

Commit ab5707185a9e ("Add a minimum rsa key size config to psa config")
introduced a minimal RSA key size condition to prevent accidental
misuse. The limit is set to 1024 bits and generating shorter RSA keys
will result in PSA_ERROR_NOT_SUPPORTED. Increase key size crypto tests
in TS service test to pass this check.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I917d0bf572fbf763a68c6d479d23ba66e9da6c13

diff --git a/components/app/ts-demo/ts-demo.cpp b/components/app/ts-demo/ts-demo.cpp
index 58b28ef..589f3b6 100644
--- a/components/app/ts-demo/ts-demo.cpp
+++ b/components/app/ts-demo/ts-demo.cpp

@@ -169,7 +169,7 @@
         psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
         psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
         psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-        psa_set_key_bits(&attributes, 256);
+        psa_set_key_bits(&attributes, 1024);
 
         if (m_verbose) printf("Generating RSA encryption key");
 

diff --git a/components/service/crypto/test/service/crypto_service_limit_tests.cpp b/components/service/crypto/test/service/crypto_service_limit_tests.cpp
index eaa907a..294b874 100644
--- a/components/service/crypto/test/service/crypto_service_limit_tests.cpp
+++ b/components/service/crypto/test/service/crypto_service_limit_tests.cpp

@@ -78,7 +78,7 @@
         psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
         psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
         psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-        psa_set_key_bits(&attributes, 512);
+        psa_set_key_bits(&attributes, 1024);
 
         psa_key_id_t key_id;
         status = m_crypto_client->generate_key(&attributes, &key_id);

diff --git a/components/service/crypto/test/service/crypto_service_scenarios.cpp b/components/service/crypto/test/service/crypto_service_scenarios.cpp
index 3f6b146..db7d691 100644
--- a/components/service/crypto/test/service/crypto_service_scenarios.cpp
+++ b/components/service/crypto/test/service/crypto_service_scenarios.cpp

@@ -104,7 +104,7 @@
 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_COPY);
 	psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
 	psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-	psa_set_key_bits(&attributes, 256);
+	psa_set_key_bits(&attributes, 1024);
 
 	/* Generate a key */
 	psa_key_id_t key_id_1;
@@ -402,7 +402,7 @@
 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
 	psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
 	psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-	psa_set_key_bits(&attributes, 256);
+	psa_set_key_bits(&attributes, 1024);
 
 	/* Generate a key */
 	status = m_crypto_client->generate_key(&attributes, &key_id);