5 Replies Latest reply on May 27, 2020 11:30 AM by DheerajK_81

    PSoC 6 RSA: max key size?

    PaBa_4552536

      Hi -

       

      All of the examples for PSoC 6 RSA seem to demonstrate the use of 2048-bit RSA keys.

       

      Some of the PDL docs mention 4096 bits ("Also referred to as Public Key encryption. To receive a message, you publish a very large public key (up to 4096 bits currently), and I see "CY_CRYPTO_RSA4096_MESSAGE_SIZE" defined in the PDL documentation (PSoC 6 Peripheral Driver Library: Macros ), but not in the ".h" file in my PDL 3.1.2 installation.  So, I'm unsure if 4096-bit keys should be expected to work or not.

       

      When I try to use a 4096-bit key, Cy_Crypto_Rsa_Proc() returns 0 (CY_CRYPTO_SUCCESS), but the buffer passed to it for output has not been touched (it seems to be a no-op).

       

      I don't know if the issue is with my use of the functions, or if the PDL just doesn't support 4096-bit keys.

       

      If the latter, do the "direct" crypto-core functions support larger keys than the client/server functions that I'm currently using?

       

      Thanks for any advice.


      EDIT: I'm using PSoC Creator, in case that makes a difference.

        • 1. Re: PSoC 6 RSA: max key size?
          DheerajK_81

          You seem to referrring an older version of the PDL documentation. Based on the version of PDL you are using, you can find the documentation in this particular path: "C:\Program Files (x86)\Cypress\PDL\3.x.x\doc"

           

          For the version 3.1.2, the macro CY_CRYPTO_RSA4096_MESSAGE_SIZE is not available. But 4096 is the max key supported for RSA as mentioned in the Architecture TRM. You can pass in the value directly without the macro. I will check with the internal team why this macro isn't available and if 4096-bit has any known issues when used.

           

          The PDL Code snippet uses 2048-bit key. You can create your Public and Private Key Pair and place it in the "C:\Program Files (x86)\Cypress\PDL\3.1.2\security\secure_image\script\keys" directory.

           

          Then run the "rsa_keygen.bat" script found in the scripts directory to generate the C code for the keys. A new folder "keys_generated" will be created with the file "rsa_to_c_generated.txt" which contains the C code you can paste in your application.

           

          Both client-server and the direct crypto core APIs support max RSA key size of 4096. 2048.

           

          Please attach your project so that we can get insight into your issue.

           

          Regards,

          Dheeraj

          • 2. Re: PSoC 6 RSA: max key size?
            PaBa_4552536

            Thanks for the reply.

             

            I'm not trying to use "CY_CRYPTO_RSA4096_MESSAGE_SIZE" directly - just using that as "proof" that the PSoC 6 is supposed to support RSA 4096.

             

            If I use a 4096-bit key, as I said, the output buffer is always unchanged (even though Cy_Crypto_Rsa_Proc() returns SUCCESS)

             

            This is part of a larger project, so difficult to share.  I'll make a simpler project and upload later.

             

            Thanks.

             

            • 3. Re: PSoC 6 RSA: max key size?
              DheerajK_81

              I checked with the internal software team. The reason only 2048 bit macro is available is that the internal crypto-driver which is being used has an internal limitation key size limitation of up to 2048 bits. Also, the PSoC6A-BLE2 family has hardware limitations to store numbers bigger than 2048 bit.

               

              For other devices like PSoC6A-2M and PSoC6A-512K families a newer version of crypto-driver will be released which will fix this limitation and add support for 4096-bit keys.

               

              For now, you can only use up-to 2048 bit key sizes. Stay tuned for newer releases of the PDL.

               

              Regards,

              Dheeraj

              1 of 1 people found this helpful
              • 4. Re: PSoC 6 RSA: max key size?
                PaBa_4552536

                OK, thank you for checking into this!  I was just starting to make a standalone project that demonstrates the fact that 4096-bit keys don't work - I guess I won't bother finishing it now.

                 

                 

                We are using CY8C6247BZI-D54 in our design.  Will it ever support 4096-bit, or is it in the family that has a limit to 2048-bit? (I don’t know much about details of the various “families”).

                 

                Thanks

                • 5. Re: PSoC 6 RSA: max key size?
                  DheerajK_81

                  CY8C6247BZI-D54 belongs to the PSoC6 1M family and has an older version of the crypto-driver, so it will only support up-to 2048-bit.

                   

                  Regards,

                  Dheeraj

                  1 of 1 people found this helpful