mbed TLS v2.24.0
Main Page
Related Pages
Modules
Data Structures
Files
File List
Globals
include
mbedcrypto
psa
crypto_sizes.h
Go to the documentation of this file.
1
23
/*
24
* Copyright The Mbed TLS Contributors
25
* SPDX-License-Identifier: Apache-2.0
26
*
27
* Licensed under the Apache License, Version 2.0 (the "License"); you may
28
* not use this file except in compliance with the License.
29
* You may obtain a copy of the License at
30
*
31
* http://www.apache.org/licenses/LICENSE-2.0
32
*
33
* Unless required by applicable law or agreed to in writing, software
34
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36
* See the License for the specific language governing permissions and
37
* limitations under the License.
38
*/
39
40
#ifndef PSA_CRYPTO_SIZES_H
41
#define PSA_CRYPTO_SIZES_H
42
43
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
44
* in each of its header files. */
45
#if !defined(MBEDTLS_CONFIG_FILE)
46
#include "
mbedtls/config.h
"
47
#else
48
#include MBEDTLS_CONFIG_FILE
49
#endif
50
51
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
52
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
53
54
#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
55
(((length) + (block_size) - 1) / (block_size) * (block_size))
56
71
#define PSA_HASH_SIZE(alg) \
72
( \
73
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
74
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
75
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
76
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
77
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
78
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
79
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
80
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
81
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
82
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
83
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
84
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
85
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
86
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
87
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
88
0)
89
98
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
99
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
100
* HMAC-SHA3-512. */
101
#if defined(MBEDTLS_SHA512_C)
102
#define PSA_HASH_MAX_SIZE 64
103
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
104
#else
105
#define PSA_HASH_MAX_SIZE 32
106
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
107
#endif
108
117
/* All non-HMAC MACs have a maximum size that's smaller than the
118
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
119
/* Note that the encoding of truncated MAC algorithms limits this value
120
* to 64 bytes.
121
*/
122
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
123
139
#define PSA_AEAD_TAG_LENGTH(alg) \
140
(PSA_ALG_IS_AEAD(alg) ? \
141
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
142
0)
143
144
/* The maximum size of an RSA key on this implementation, in bits.
145
* This is a vendor-specific macro.
146
*
147
* Mbed TLS does not set a hard limit on the size of RSA keys: any key
148
* whose parameters fit in a bignum is accepted. However large keys can
149
* induce a large memory usage and long computation times. Unlike other
150
* auxiliary macros in this file and in crypto.h, which reflect how the
151
* library is configured, this macro defines how the library is
152
* configured. This implementation refuses to import or generate an
153
* RSA key whose size is larger than the value defined here.
154
*
155
* Note that an implementation may set different size limits for different
156
* operations, and does not need to accept all key sizes up to the limit. */
157
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
158
159
/* The maximum size of an ECC key on this implementation, in bits.
160
* This is a vendor-specific macro. */
161
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
162
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
163
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
164
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
165
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
166
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
167
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
168
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
169
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
170
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
171
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
172
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
173
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
174
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
175
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
176
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
177
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
178
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
179
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
180
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
181
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
182
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
183
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
184
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
185
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
186
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
187
#else
188
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
189
#endif
190
205
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
206
208
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
209
227
#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
228
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
229
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \
230
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
231
((void)(key_type), (void)(key_bits), 0))
232
252
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
253
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
254
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
255
0)
256
276
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
277
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
278
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
279
0)
280
300
/* For all the AEAD modes defined in this specification, it is possible
301
* to emit output without delay. However, hardware may not always be
302
* capable of this. So for modes based on a block cipher, allow the
303
* implementation to delay the output until it has a full block. */
304
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
305
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
306
PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \
307
(input_length))
308
327
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
328
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
329
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
330
0)
331
350
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
351
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
352
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
353
0)
354
355
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
356
(PSA_ALG_IS_RSA_OAEP(alg) ? \
357
2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
358
11
/*PKCS#1v1.5*/
)
359
368
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
369
(PSA_BITS_TO_BYTES(curve_bits) * 2)
370
397
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
398
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
399
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
400
((void)alg, 0))
401
402
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
403
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
404
413
#define PSA_SIGNATURE_MAX_SIZE \
414
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
415
PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
416
PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
417
444
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
445
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
446
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
447
0)
448
475
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
476
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
477
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
478
0)
479
480
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
481
* number of bits.
482
*
483
* This definition assumes that bits <= 2^19 - 9 so that the length field
484
* is at most 3 bytes. The length of the encoding is the length of the
485
* bit string padded to a whole number of bytes plus:
486
* - 1 type byte;
487
* - 1 to 3 length bytes;
488
* - 0 to 1 bytes of leading 0 due to the sign bit.
489
*/
490
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
491
((bits) / 8 + 5)
492
493
/* Maximum size of the export encoding of an RSA public key.
494
* Assumes that the public exponent is less than 2^32.
495
*
496
* RSAPublicKey ::= SEQUENCE {
497
* modulus INTEGER, -- n
498
* publicExponent INTEGER } -- e
499
*
500
* - 4 bytes of SEQUENCE overhead;
501
* - n : INTEGER;
502
* - 7 bytes for the public exponent.
503
*/
504
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
505
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
506
507
/* Maximum size of the export encoding of an RSA key pair.
508
* Assumes thatthe public exponent is less than 2^32 and that the size
509
* difference between the two primes is at most 1 bit.
510
*
511
* RSAPrivateKey ::= SEQUENCE {
512
* version Version, -- 0
513
* modulus INTEGER, -- N-bit
514
* publicExponent INTEGER, -- 32-bit
515
* privateExponent INTEGER, -- N-bit
516
* prime1 INTEGER, -- N/2-bit
517
* prime2 INTEGER, -- N/2-bit
518
* exponent1 INTEGER, -- N/2-bit
519
* exponent2 INTEGER, -- N/2-bit
520
* coefficient INTEGER, -- N/2-bit
521
* }
522
*
523
* - 4 bytes of SEQUENCE overhead;
524
* - 3 bytes of version;
525
* - 7 half-size INTEGERs plus 2 full-size INTEGERs,
526
* overapproximated as 9 half-size INTEGERS;
527
* - 7 bytes for the public exponent.
528
*/
529
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
530
(9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
531
532
/* Maximum size of the export encoding of a DSA public key.
533
*
534
* SubjectPublicKeyInfo ::= SEQUENCE {
535
* algorithm AlgorithmIdentifier,
536
* subjectPublicKey BIT STRING } -- contains DSAPublicKey
537
* AlgorithmIdentifier ::= SEQUENCE {
538
* algorithm OBJECT IDENTIFIER,
539
* parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
540
* DSAPublicKey ::= INTEGER -- public key, Y
541
*
542
* - 3 * 4 bytes of SEQUENCE overhead;
543
* - 1 + 1 + 7 bytes of algorithm (DSA OID);
544
* - 4 bytes of BIT STRING overhead;
545
* - 3 full-size INTEGERs (p, g, y);
546
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
547
*/
548
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
549
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
550
551
/* Maximum size of the export encoding of a DSA key pair.
552
*
553
* DSAPrivateKey ::= SEQUENCE {
554
* version Version, -- 0
555
* prime INTEGER, -- p
556
* subprime INTEGER, -- q
557
* generator INTEGER, -- g
558
* public INTEGER, -- y
559
* private INTEGER, -- x
560
* }
561
*
562
* - 4 bytes of SEQUENCE overhead;
563
* - 3 bytes of version;
564
* - 3 full-size INTEGERs (p, g, y);
565
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
566
*/
567
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
568
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
569
570
/* Maximum size of the export encoding of an ECC public key.
571
*
572
* The representation of an ECC public key is:
573
* - The byte 0x04;
574
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
575
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
576
* - where m is the bit size associated with the curve.
577
*
578
* - 1 byte + 2 * point size.
579
*/
580
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
581
(2 * PSA_BITS_TO_BYTES(key_bits) + 1)
582
583
/* Maximum size of the export encoding of an ECC key pair.
584
*
585
* An ECC key pair is represented by the secret value.
586
*/
587
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
588
(PSA_BITS_TO_BYTES(key_bits))
589
650
#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
651
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
652
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
653
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
654
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
655
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
656
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
657
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
658
0)
659
660
#endif
/* PSA_CRYPTO_SIZES_H */
config.h
Configuration options (set of defines)
Generated on Tue Feb 16 2021 08:45:56 for mbed TLS v2.24.0 by
1.8.6