diff options
| author | Vincent Palatin <vpalatin@chromium.org> | 2014-11-11 10:19:38 -0800 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-11-15 06:00:02 +0000 |
| commit | b63b0d70f53ac1e6f500da0b10ac66d96299a22b (patch) | |
| tree | 2544d109f1a8d954aad70782c17bb7777b0c8c3d /util/pem_extract_pubkey.py | |
| parent | 9de2ef515fd8c534e6ff4dddee0c2b9f5ec012f2 (diff) | |
| download | chrome-ec-b63b0d70f53ac1e6f500da0b10ac66d96299a22b.tar.gz | |
rsa: add support for 4096 and 8192 bit keys
Allow to use larger RSA keys by setting CONFIG_RSA_KEY_SIZE to 4096 or
8192 rather than using the default 2048-bit size.
It's mainly for benchmarking purpose right now as we don't have the RAM
to store the 3x key size buffer and the flash space for the public key
structure.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=samus
BUG=none
TEST=build Zinger with CONFIG_RSA_KEY_SIZE equals to 4096 and run it.
Change-Id: I9839121bf158d0a30dde1e48d875f345191bfec2
Reviewed-on: https://chromium-review.googlesource.com/228925
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'util/pem_extract_pubkey.py')
| -rwxr-xr-x | util/pem_extract_pubkey.py | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/util/pem_extract_pubkey.py b/util/pem_extract_pubkey.py index 739e1bea57..d368da8ee7 100755 --- a/util/pem_extract_pubkey.py +++ b/util/pem_extract_pubkey.py @@ -48,6 +48,9 @@ RSAPrivateKey ::= SEQUENCE { PEM_HEADER='-----BEGIN RSA PRIVATE KEY-----' PEM_FOOTER='-----END RSA PRIVATE KEY-----' +# supported RSA key sizes +RSA_KEY_SIZES=[2048, 4096, 8192] + class PEMError(Exception): """Exception class for pem_extract_pubkey utility.""" @@ -130,8 +133,9 @@ def pem_get_mod(filename): if mod["tag"] != DER_INTEGER: raise PEMError('modulus field should be an integer') # 2048 bits + mandatory ASN.1 sign (0) => 257 Bytes - if mod["length"] != 257 or mod["data"][0] != '\x00': - raise PEMError('Invalid key length (expecting 2048 bits)') + modSize = (mod["length"] - 1) * 8 + if modSize not in RSA_KEY_SIZES or mod["data"][0] != '\x00': + raise PEMError('Invalid key length : %d bits' % (modSize)) # 3rd field is Public Exponent exp = seq.get_tag() @@ -171,6 +175,7 @@ def compute_mod_parameters(modulus): ''' # create an array of uint32_t to store the modulus but skip the sign byte w = array.array("I",modulus[1:]) + wordCount = (len(modulus) - 1) / 4 # all integers in DER encoded .pem file are big endian. w.reverse() w.byteswap() @@ -183,7 +188,7 @@ def compute_mod_parameters(modulus): n0inv = B - modinv(w[0], B) # R = 2^(modulo size); RR = (R * R) % N RR = pow(2, 4096, N) - rr_words = to_words(RR, 64) + rr_words = to_words(RR, wordCount) return {'mod':w, 'rr':rr_words, 'n0inv':n0inv} |