Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change RSA.LegalKeySizes for Apple platforms to return 8192 #110591

Merged
merged 5 commits into from
Jan 3, 2025
Merged

Change RSA.LegalKeySizes for Apple platforms to return 8192 #110591

merged 5 commits into from
Jan 3, 2025

Conversation

vcsjones
Copy link
Member

This changes RSA.LegalKeySizes to return a maximum of 8192 on Apple platforms, as opposed to 16384. At least on macOS Sequoia and Sonoma, the limit is 8192-bit.

While we are here, memoize the KeySizes instance. They are immutable. The returned array is not - so we only memoize the interior KeySizes instance, not the returned array.

Closes #110588.

@teo-tsirpanis
Copy link
Contributor

Should we add a test that keys with the max size can be created?

@vcsjones
Copy link
Member Author

vcsjones commented Dec 10, 2024
edited
Loading

Should we add a test that keys with the max size can be created?

We do here

runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/KeyGeneration.cs

Lines 23 to 27 in cc66c77

[ConditionalFact(typeof(TestEnvironment), nameof(TestEnvironment.IsStressModeEnabled))]
public static void GenerateMaxKey()
{
GenerateKey(rsa => GetMax(rsa.LegalKeySizes));
}

But it's (effectively) a manual-only because it takes about ~30 seconds for macOS to generate an RSA 8K key. It can take several minutes for platforms that support 16K keys. Even for Outerloop that's too long, in my opinion.

This manual-only test fails without the fix, which is what prompted me to make the change.

@teo-tsirpanis
Copy link
Contributor

Makes sense, thanks.

This was referenced Dec 10, 2024
Open
Closed
This was referenced Dec 11, 2024
Open
Open
@build-analysis build-analysis bot mentioned this pull request Dec 12, 2024
Open
3 tasks
@build-analysis build-analysis bot mentioned this pull request Jan 2, 2025
Open
3 tasks
@vcsjones vcsjones merged commit 192f43b into dotnet:main Jan 3, 2025
81 of 83 checks passed
@vcsjones vcsjones deleted the macos-max-rsa-key-size branch January 3, 2025 21:54
@vcsjones vcsjones added this to the 10.0.0 milestone Jan 3, 2025
@vcsjones vcsjones added the cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. label Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@filipnavara filipnavara filipnavara left review comments

@krwq krwq krwq left review comments

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels
area-System.Security cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release.
Projects
None yet
Milestone
10.0.0
Development

Successfully merging this pull request may close these issues.

macOS: RSA.Create and Import fails with > 8192-bit keys
5 participants
@vcsjones @teo-tsirpanis @krwq @filipnavara @bartonjs