Update Allowed RSA KeySize Generation to FIPS 186-5 specification

aws · Sep 3, 2024 · 939db60 · 939db60
1 parent 3571a86
commit 939db60
Show file tree

Hide file tree

Showing 5 changed files with 445 additions and 455 deletions.
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c
@@ -1252,11 +1252,12 @@ int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
 }
 
 int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
-  // FIPS 186-4 allows 2048-bit and 3072-bit RSA keys (1024-bit and 1536-bit
-  // primes, respectively) with the prime generation method we use.
-  // Subsequently, IG A.14 stated that larger modulus sizes can be used and ACVP
-  // testing supports 4096 bits.
-  if (bits != 2048 && bits != 3072 && bits != 4096) {
+  // FIPS 186-5 Section 5.1:
+  // This standard specifies the use of a modulus whose bit length is an even
+  // integer and greater than or equal to 2048 bits. Furthermore, this standard
+  // specifies that p and q be of the same bit length – namely, half the bit
+  // length of n
+  if (bits < 2048 || bits % 2 != 0) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS);
     return 0;
   }

diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -2012,9 +2012,8 @@ TEST(ServiceIndicatorTest, RSAKeyGen) {
   bssl::UniquePtr<RSA> rsa(RSA_new());
   ASSERT_TRUE(rsa);
 
-  // |RSA_generate_key_fips| may only be used for 2048-, 3072-, and 4096-bit
-  // keys.
-  for (const size_t bits : {512, 1024, 3071, 4095}) {
+  // |RSA_generate_key_fips| may only be used for bits >= 2048 && bits % 2 == 0
+  for (const size_t bits : {512, 1024, 3071}) {
     SCOPED_TRACE(bits);
 
     rsa.reset(RSA_new());
@@ -2023,8 +2022,9 @@ TEST(ServiceIndicatorTest, RSAKeyGen) {
     EXPECT_EQ(approved, AWSLC_NOT_APPROVED);
   }
 
-  // Test that we can generate keys of the supported lengths:
-  for (const size_t bits : {2048, 3072, 4096}) {
+  // Test that we can generate keys with supported lengths,
+  // larger key sizes are supported but are omitted for time.
+  for (const size_t bits : {2048, 3072, 4096, 8192}) {
     SCOPED_TRACE(bits);
 
     rsa.reset(RSA_new());

diff --git a/util/fipstools/acvp/acvptool/test/tests.json b/util/fipstools/acvp/acvptool/test/tests.json
@@ -28,6 +28,7 @@
 {"Wrapper": "modulewrapper", "In": "vectors/kdf-components.bz2", "Out": "expected/kdf-components.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/RSA.bz2", "Out": "expected/RSA.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/RSA-SigGen.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/RSA-KeyGen.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/TLS-1.2-KDF.bz2", "Out": "expected/TLS-1.2-KDF.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/PBKDF.bz2", "Out": "expected/PBKDF.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/KDA-HKDF.bz2", "Out": "expected/KDA-HKDF.bz2"},

diff --git a/util/fipstools/acvp/acvptool/test/vectors/RSA-KeyGen.bz2 b/util/fipstools/acvp/acvptool/test/vectors/RSA-KeyGen.bz2