Skip to content

Commit

Permalink
Update RSA key generation unit test
Browse files Browse the repository at this point in the history
+ Future releases of AWS-LC FIPS support RSA key sizes larger than 4096.
  • Loading branch information
amirhosv committed Oct 2, 2024
1 parent d902fc2 commit 43fdbcc
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 5 deletions.
2 changes: 1 addition & 1 deletion aws-lc
2 changes: 1 addition & 1 deletion build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ if (ext.isExperimentalFips) {

if (ext.isExperimentalFips || !ext.isFips) {
// Experimental FIPS uses the same AWS-LC version as non-FIPS builds.
ext.awsLcGitVersionId = 'v1.34.2'
ext.awsLcGitVersionId = 'v1.36.0'
} else {
ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.15'
}
Expand Down
9 changes: 6 additions & 3 deletions tst/com/amazon/corretto/crypto/provider/test/RsaGenTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -168,15 +168,18 @@ public void test4096() throws GeneralSecurityException {
public void test5120() throws GeneralSecurityException {
final KeyPairGenerator generator = getGenerator();
generator.initialize(5120);
if (TestUtil.isFips()) {
assertThrows(RuntimeCryptoException.class, () -> generator.generateKeyPair());
} else {
try {
final KeyPair keyPair = generator.generateKeyPair();
final RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic();
final RSAPrivateCrtKey privKey = (RSAPrivateCrtKey) keyPair.getPrivate();
assertEquals(5120, pubKey.getModulus().bitLength());
assertEquals(RSAKeyGenParameterSpec.F4, pubKey.getPublicExponent());
assertConsistency(pubKey, privKey);
} catch (final RuntimeCryptoException e) {
// Starting from version v1.35.1, AWS-LC built in FIPS mode allows key sizes larger than 4096.
// This exception could happen if ACCP is built with a version of AWS-LC in FIPS mode that
// does not support key sizes larger than 4096.
assertTrue(TestUtil.isFips());
}
}

Expand Down

0 comments on commit 43fdbcc

Please sign in to comment.