Skip to content

Change RSA.LegalKeySizes for Apple platforms to return 8192 #110591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vcsjones merged 5 commits into from
Jan 3, 2025
Merged

Change RSA.LegalKeySizes for Apple platforms to return 8192 #110591

vcsjones merged 5 commits into from
Jan 3, 2025

Conversation

@vcsjones
Copy link
Member

@vcsjones vcsjones commented Dec 10, 2024

This changes RSA.LegalKeySizes to return a maximum of 8192 on Apple platforms, as opposed to 16384. At least on macOS Sequoia and Sonoma, the limit is 8192-bit.

While we are here, memoize the KeySizes instance. They are immutable. The returned array is not - so we only memoize the interior KeySizes instance, not the returned array.

Closes #110588.

@ghost ghost added the area-System.Security label Dec 10, 2024
@teo-tsirpanis
Copy link
Contributor

teo-tsirpanis commented Dec 10, 2024

Should we add a test that keys with the max size can be created?

@vcsjones
Copy link
Member Author

vcsjones commented Dec 10, 2024
edited
Loading

Should we add a test that keys with the max size can be created?

We do here

runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/KeyGeneration.cs

Lines 23 to 27 in cc66c77

[ConditionalFact(typeof(TestEnvironment), nameof(TestEnvironment.IsStressModeEnabled))]
public static void GenerateMaxKey()
{
GenerateKey(rsa => GetMax(rsa.LegalKeySizes));
}

But it's (effectively) a manual-only because it takes about ~30 seconds for macOS to generate an RSA 8K key. It can take several minutes for platforms that support 16K keys. Even for Outerloop that's too long, in my opinion.

This manual-only test fails without the fix, which is what prompted me to make the change.

@teo-tsirpanis
Copy link
Contributor

teo-tsirpanis commented Dec 10, 2024

Makes sense, thanks.

@build-analysis build-analysis bot mentioned this pull request Dec 10, 2024
Closed
This was referenced Dec 11, 2024
Open
Closed
@build-analysis build-analysis bot mentioned this pull request Dec 12, 2024
Open
3 tasks
@build-analysis build-analysis bot mentioned this pull request Jan 2, 2025
Open
3 tasks
@vcsjones vcsjones merged commit 192f43b into dotnet:main Jan 3, 2025
81 of 83 checks passed
@vcsjones vcsjones deleted the macos-max-rsa-key-size branch January 3, 2025 21:54
@vcsjones vcsjones added this to the 10.0.0 milestone Jan 3, 2025
@vcsjones vcsjones added the cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. label Jan 3, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Feb 3, 2025
@bartonjs bartonjs added the tracking This issue is tracking the completion of other related issues. label Oct 24, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@krwq krwq krwq left review comments

@bartonjs bartonjs bartonjs approved these changes

+1 more reviewer

@filipnavara filipnavara filipnavara left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@vcsjones vcsjones

Labels

area-System.Security cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. tracking This issue is tracking the completion of other related issues.

Projects

None yet

Milestone

10.0.0

Development

Successfully merging this pull request may close these issues.

macOS: RSA.Create and Import fails with > 8192-bit keys

5 participants

@vcsjones @teo-tsirpanis @krwq @filipnavara @bartonjs