Searched hist:c999bfc60869d707a2db42ec1b704e90b2755029 (Results 1 – 1 of 1) sorted by relevance
| /optee_os/core/crypto/ |
| H A D | signed_hdr.c | c999bfc60869d707a2db42ec1b704e90b2755029 Tue Apr 15 11:51:21 UTC 2025 Joakim Bech <joakim.bech@linaro.org> shdr: add check for weak key sizes
Add a function is_weak_key_size(...), which checks whether a given key
size (in bits) complies with current security standards. If the key size
is lower than 2048, then it's considered deprecated and will make
signature verification fail. Note that this only affects verifying TA
and subkey signatures.
This change aligns with GlobalPlatform's decision, influenced by
feedback from ANSSI, BSI, SOGIS, and NIST. For further details on the
GlobalPlatform's cryptographic algorithm recommendations, see [1].
Link: https://globalplatform.org/specs-library/globalplatform-technology-cryptographic-algorithm-recommendations/ [1]
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|