* provided in ckmc_save_key(), the same password should be provided
* @param[in] decrypted Data to be encrypted. In case of AES algorithm the backend may impose limit
* on the maximum size of processed data (ckmc_backend_get_max_chunk_size()).
- * For RSA the size must be smaller or equal to key size in bytes - 42.
- * Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86.
+ * For RSA the size must be smaller or equal to
+ * key size in bytes - 2* hash function output size in bytes - 2.
+ * Example: for 1024 RSA key and hash SHA1 the maximum data size is
+ * 1024/8 - 2*160/8 = 86.
* @param[out] ppencrypted Encrypted data. In #CKMC_ALGO_AES_GCM mode it includes the GCM tag
* appended at the end.
*
* @param[in] encrypted Data to be decrypted. #CKMC_ALGO_AES_GCM mode requires GCM tag to be
* appended at the end. In case of AES algorithm the backend may impose limit
* on the maximum size of processed data (ckmc_backend_get_max_chunk_size()).
- * For RSA the size must be smaller or equal to key size in bytes - 42.
* @param[out] ppdecrypted Decrypted data
*
* @return @c 0 on success, otherwise a negative error value
* (#CKMC_KEY_RSA_PUBLIC).
* @remarks The @a ppwrapped_key should be released using ckmc_key_free().
* @remarks The key denoted by @a alias can only be #CKMC_KEY_AES.
+ * @remarks If the wrapping key is public RSA, the key size denoted by @a alias must be smaller than:
+ * wrapping key size in bits - 2* hash function output size in bits - 16.
+ * Example: for 1024 RSA wrapping key and hash SHA384 the key size must be smaller than:
+ * 1024 - 2*384 - 16 = 240 bits.
+ * @remarks Considering the key size limit it's recommended to use RSA key longer than @c 1024 bits.
*
* @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
* for details. Supported algorithms:
CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */
CKMC_PARAM_ED_LABEL, /**< buffer - RSA OAEP label (not supported at the moment) */
CKMC_PARAM_ED_OAEP_HASH, /**< integer - function to be used both as Label and MGF hash function
- in OAEP padding (see #__ckmc_hash_algo). Currently only #CKMC_HASH_SHA1
- and #CKMC_HASH_SHA256 are supported. If not given, the default
+ in OAEP padding (see #__ckmc_hash_algo). If not given, the default
#CKMC_HASH_SHA1 is used. (Since 6.0) */
CKMC_PARAM_KDF_PRF = 401, /**< integer - pseudo-random function number (see #ckmc_kdf_prf_e)
typedef ParamCheck<ParamName::ED_OAEP_HASH,
HashAlgorithm,
false,
- Type<HashAlgorithm>::Equals<HashAlgorithm::SHA1, HashAlgorithm::SHA256>> OaepHashAlgoCheck;
+ Type<HashAlgorithm>::Equals<HashAlgorithm::SHA1,
+ HashAlgorithm::SHA256,
+ HashAlgorithm::SHA384,
+ HashAlgorithm::SHA512>> OaepHashAlgoCheck;
typedef std::map<AlgoType, ValidatorVector> ValidatorMap;
ValidatorMap initValidators()
AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
HashAlgorithm hash = HashAlgorithm::SHA1;
alg.getParam(ParamName::ED_OAEP_HASH, hash);
- if (hash != HashAlgorithm::SHA1 && hash != HashAlgorithm::SHA256)
- ThrowErr(Exc::Crypto::InputParam, "Invalid OAEP hash");
RawBuffer result;
projects / platform / core / security / key-manager.git / commitdiff