commit ab5707185a9ef33c5a6126ab8281046b5b81b034
author Waleed Elmelegy <waleed.elmelegy@arm.com> Wed Jul 05 16:40:58 2023 +0000
committer Waleed Elmelegy <waleed.elmelegy@arm.com> Thu Jul 27 11:00:03 2023 +0000
tree 567de6b517c3ff71e8cda4668e44444e10f8ee0b
parent 76336c3e4d0396508f6f5e23f54bc13d854fd863

Add a minimum rsa key size config to psa config

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

include/mbedtls/mbedtls_config.h

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index dcd28e9..49e218c 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1336,15 +1336,6 @@
 //#define MBEDTLS_RSA_NO_CRT
 
 /**
- * \def MBEDTLS_RSA_MIN_KEY_SIZE
- *
- * Minimum RSA key size allowed in bits.
- *
- * Minimum possible value is 128 bits.
- */
-#define MBEDTLS_RSA_MIN_KEY_SIZE 1024
-
-/**
  * \def MBEDTLS_SELF_TEST
  *
  * Enable the checkup functions (*_self_test).
@@ -3700,6 +3691,9 @@
 //#define MBEDTLS_ECP_WINDOW_SIZE            4 /**< Maximum window size used */
 //#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
 
+/* RSA OPTIONS */
+//#define MBEDTLS_RSA_MIN_KEY_SIZE           1024 /**<  Minimum RSA key size allowed in bits (Minimum possible value is 128 bits)*/
+
 /* Entropy options */
 //#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
 //#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */

include/mbedtls/rsa.h

diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 3d57aa2..8045e6b 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -85,6 +85,10 @@
 // Regular implementation
 //
 
+#if !defined(MBEDTLS_RSA_MIN_KEY_SIZE)
+#define MBEDTLS_RSA_MIN_KEY_SIZE 1024
+#endif
+
 /**
  * \brief   The RSA context structure.
  */

include/psa/crypto_sizes.h

diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 8cc965b..fd0eeb9 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -208,6 +208,18 @@
  * operations, and does not need to accept all key sizes up to the limit. */
 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
 
+/* The minimum size of an RSA key on this implementation, in bits.
+ * This is a vendor-specific macro.
+ *
+ * Limits RSA key generation to a minimum due to security reasons.
+ * This value cannot be less than 128 bits.
+ */
+#if defined(MBEDTLS_RSA_MIN_KEY_SIZE)
+#define PSA_VENDOR_RSA_MIN_KEY_BITS MBEDTLS_RSA_MIN_KEY_SIZE
+#else
+#define PSA_VENDOR_RSA_MIN_KEY_BITS 1024
+#endif
+
 /* The maximum size of an DH key on this implementation, in bits.
  *
  * Note that an implementation may set different size limits for different