security: forbid RSA keys shorter than 2048 bits
Change-Id: Ib4a90c32d8d6065093b01ab3d28e119a232ca638
diff --git a/src/security/key-params.cpp b/src/security/key-params.cpp
index e18ae67..59bf26d 100644
--- a/src/security/key-params.cpp
+++ b/src/security/key-params.cpp
@@ -23,7 +23,7 @@
namespace ndn {
-static const uint32_t MIN_RSA_KEY_SIZE = 1024;
+static const uint32_t MIN_RSA_KEY_SIZE = 2048;
static const uint32_t DEFAULT_RSA_KEY_SIZE = 2048;
static const uint32_t EC_KEY_SIZES[] = {224, 256, 384, 521};
static const uint32_t DEFAULT_EC_KEY_SIZE = 256;
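Review bot: The raised `MIN_RSA_KEY_SIZE` has no comment recording why 2048 is the floor, so nothing stops a later change from lowering it again for test speed or compatibility. I would add a line above it such as `// RSA moduli shorter than 2048 bits are considered too weak; do not lower this`. The code that compares against this constant lies outside the hunk, so the limit presumably applies only where RsaKeyParams is constructed. Whether 1024-bit keys already stored in a keychain, imported, or used to verify received signatures are still accepted cannot be told from here and should be confirmed.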
diff --git a/tests/unit-tests/security/key-params.t.cpp b/tests/unit-tests/security/key-params.t.cpp
index 46dea97..991c346 100644
--- a/tests/unit-tests/security/key-params.t.cpp
+++ b/tests/unit-tests/security/key-params.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2017 Regents of the University of California.
+ * Copyright (c) 2013-2018 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -38,12 +38,12 @@
BOOST_CHECK_EQUAL(params.getKeySize(), 2048);
BOOST_CHECK(params.getKeyIdType() == KeyIdType::RANDOM);
- RsaKeyParams params2(1024, KeyIdType::SHA256);
+ RsaKeyParams params2(4096, KeyIdType::SHA256);
BOOST_CHECK_EQUAL(params2.getKeyType(), KeyType::RSA);
- BOOST_CHECK_EQUAL(params2.getKeySize(), 1024);
+ BOOST_CHECK_EQUAL(params2.getKeySize(), 4096);
BOOST_CHECK(params2.getKeyIdType() == KeyIdType::SHA256);
- BOOST_CHECK_THROW(RsaKeyParams(3), KeyParams::Error);
+ BOOST_CHECK_THROW(RsaKeyParams(1024), KeyParams::Error);
name::Component keyId("keyId");
RsaKeyParams params4(keyId);
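Review bot: The rejection check `BOOST_CHECK_THROW(RsaKeyParams(1024), KeyParams::Error);` sits well below the new minimum, so an off-by-one in the size comparison (for example `<=` instead of `<`, or the reverse) would still pass this test. Pinning both sides of the boundary would catch that: `BOOST_CHECK_THROW(RsaKeyParams(2047), KeyParams::Error);` and `BOOST_CHECK_NO_THROW(RsaKeyParams(2048));`. This assumes the implementation rejects every size below the constant rather than checking against a list of allowed sizes; that code is not visible here. The enclosing test case starts before the hunk and continues past it.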