Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

PSA only supports byte-aligned RSA key sizes #9048

Open gilles-peskine-arm opened 6 months ago

gilles-peskine-arm commented 6 months ago

The PSA subsystem only supports RSA keys whose size is a multiple of 8 bits, i.e. bits % 8 == 0. Other sizes are rejected at key creation time.

I remember users indicating that they wanted to support arbitrary modulus sizes, so this is something we should fix in 4.0. The low-level RSA module supports arbitrary modulus sizes, and this is tested. (Exception: key generation only supports key sizes that are a multiple of 2.)

Historically, this limitation in PSA was solely due to an implementation difficulty because PSA was built on top of pk which had a buggy mbedtls_pk_get_bitlen function. The buggy mbedtls_pk_get_bitlen is fixed in 3.6.0 and no longer relevant anyway, so we can lift the PSA limitation. We just need to review the code to check for assumptions that byte-length = 8 × bit-length, and make sure we have adequate tests.
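An added example, not part of the issue thread and not Mbed TLS code: a stand-alone C sketch of the kind of check the review above calls for, showing where code that ties byte length and bit length together by a factor of 8 misreports a key whose size is not a multiple of 8. All function names and the sample buffers are assumptions constructed for illustration; only the top byte of each sample matters, and none is a real key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples (big-endian modulus shapes, not real keys). */
static const uint8_t SAMPLE_1024[128] = { [0] = 0x80, [127] = 0x01 };
static const uint8_t SAMPLE_1030[129] = { [0] = 0x30, [128] = 0x01 };
/* Same value as SAMPLE_1030 with one leading zero byte of padding. */
static const uint8_t SAMPLE_1030_PADDED[130] = { [1] = 0x30, [129] = 0x01 };

/* Exact bit length of a big-endian unsigned integer.
 * Leading zero bytes and leading zero bits do not count. */
size_t modulus_bitlen(const uint8_t *n, size_t len)
{
    size_t i = 0;
    while (i < len && n[i] == 0)
        i++;
    if (i == len)
        return 0;
    size_t bits = (len - i) * 8;
    for (uint8_t top = n[i]; (top & 0x80) == 0; top <<= 1)
        bits--;
    return bits;
}

/* Size in bytes of the buffer needed to hold a value of the given bit length. */
size_t bits_to_bytes(size_t bits) { return (bits + 7) / 8; }

/* The shortcut to look for in review: key size derived from a buffer length. */
size_t bitlen_assuming_byte_aligned(size_t byte_len) { return byte_len * 8; }

/* Returns 1 when the shortcut misreports the size of this modulus. */
int shortcut_is_wrong(const uint8_t *n, size_t len)
{
    size_t bits = modulus_bitlen(n, len);
    return bitlen_assuming_byte_aligned(bits_to_bytes(bits)) != bits;
}

int main(void)
{
    printf("1024-bit sample: bits=%zu shortcut_wrong=%d\n",
           modulus_bitlen(SAMPLE_1024, sizeof(SAMPLE_1024)),
           shortcut_is_wrong(SAMPLE_1024, sizeof(SAMPLE_1024)));
    printf("1030-bit sample: bits=%zu shortcut_wrong=%d\n",
           modulus_bitlen(SAMPLE_1030, sizeof(SAMPLE_1030)),
           shortcut_is_wrong(SAMPLE_1030, sizeof(SAMPLE_1030)));
    return 0;
}
```

A test suite for non-byte-aligned sizes would want both shapes covered: a size such as 1030 bits, and the same value presented with leading zero padding.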

gilles-peskine-arm commented 3 months ago

I'm prioritizing this as SHOULD for TF-PSA-Crypto 4.0 because if we don't do it, there's a loss of functionality (we can't handle RSA keys whose size is not a multiple of 8 any longer). But it's not a release blocker, since it can be a limitation that we lift in a subsequent minor release.