mbed TLS v2.23.0
crypto_sizes.h
Go to the documentation of this file.
1 
23 /*
24  * Copyright (C) 2018, ARM Limited, All Rights Reserved
25  * SPDX-License-Identifier: Apache-2.0
26  *
27  * Licensed under the Apache License, Version 2.0 (the "License"); you may
28  * not use this file except in compliance with the License.
29  * You may obtain a copy of the License at
30  *
31  * http://www.apache.org/licenses/LICENSE-2.0
32  *
33  * Unless required by applicable law or agreed to in writing, software
34  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36  * See the License for the specific language governing permissions and
37  * limitations under the License.
38  *
39  * This file is part of mbed TLS (https://tls.mbed.org)
40  */
41 
42 #ifndef PSA_CRYPTO_SIZES_H
43 #define PSA_CRYPTO_SIZES_H
44 
45 /* Include the Mbed TLS configuration file, the way Mbed TLS does it
46  * in each of its header files. */
47 #if !defined(MBEDTLS_CONFIG_FILE)
48 #include "mbedtls/config.h"
49 #else
50 #include MBEDTLS_CONFIG_FILE
51 #endif
52 
53 #define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
54 #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
55 
56 #define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
57  (((length) + (block_size) - 1) / (block_size) * (block_size))
58 
73 #define PSA_HASH_SIZE(alg) \
74  ( \
75  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
76  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
77  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
78  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
79  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
80  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
81  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
82  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
83  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
84  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
85  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
86  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
87  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
88  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
89  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
90  0)
91 
100 /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
101  * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
102  * HMAC-SHA3-512. */
103 #if defined(MBEDTLS_SHA512_C)
104 #define PSA_HASH_MAX_SIZE 64
105 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
106 #else
107 #define PSA_HASH_MAX_SIZE 32
108 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
109 #endif
110 
119 /* All non-HMAC MACs have a maximum size that's smaller than the
120  * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
121 /* Note that the encoding of truncated MAC algorithms limits this value
122  * to 64 bytes.
123  */
124 #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
125 
141 #define PSA_AEAD_TAG_LENGTH(alg) \
142  (PSA_ALG_IS_AEAD(alg) ? \
143  (((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
144  0)
145 
146 /* The maximum size of an RSA key on this implementation, in bits.
147  * This is a vendor-specific macro.
148  *
149  * Mbed TLS does not set a hard limit on the size of RSA keys: any key
150  * whose parameters fit in a bignum is accepted. However large keys can
151  * induce a large memory usage and long computation times. Unlike other
152  * auxiliary macros in this file and in crypto.h, which reflect how the
153  * library is configured, this macro defines how the library is
154  * configured. This implementation refuses to import or generate an
155  * RSA key whose size is larger than the value defined here.
156  *
157  * Note that an implementation may set different size limits for different
158  * operations, and does not need to accept all key sizes up to the limit. */
159 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
160 
161 /* The maximum size of an ECC key on this implementation, in bits.
162  * This is a vendor-specific macro. */
163 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
164 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
165 #elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
166 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
167 #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
168 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
169 #elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
170 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
171 #elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
172 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
173 #elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
174 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
175 #elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
176 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
177 #elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
178 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
179 #elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
180 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
181 #elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
182 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
183 #elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
184 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
185 #elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
186 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
187 #elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
188 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
189 #else
190 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
191 #endif
192 
207 #define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
208 
210 #define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
211 
229 #define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
230  ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
231  PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \
232  PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
233  ((void)(key_type), (void)(key_bits), 0))
234 
254 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
255  (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
256  (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
257  0)
258 
278 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
279  (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
280  (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
281  0)
282 
302 /* For all the AEAD modes defined in this specification, it is possible
303  * to emit output without delay. However, hardware may not always be
304  * capable of this. So for modes based on a block cipher, allow the
305  * implementation to delay the output until it has a full block. */
306 #define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
307  (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
308  PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \
309  (input_length))
310 
329 #define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
330  (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
331  PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
332  0)
333 
352 #define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
353  (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
354  PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
355  0)
356 
357 #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
358  (PSA_ALG_IS_RSA_OAEP(alg) ? \
359  2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
360  11 /*PKCS#1v1.5*/)
361 
370 #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
371  (PSA_BITS_TO_BYTES(curve_bits) * 2)
372 
399 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
400  (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
401  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
402  ((void)alg, 0))
403 
404 #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
405  PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
406 
415 #define PSA_SIGNATURE_MAX_SIZE \
416  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
417  PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
418  PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
419 
446 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
447  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
448  ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
449  0)
450 
477 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
478  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
479  PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
480  0)
481 
482 /* Maximum size of the ASN.1 encoding of an INTEGER with the specified
483  * number of bits.
484  *
485  * This definition assumes that bits <= 2^19 - 9 so that the length field
486  * is at most 3 bytes. The length of the encoding is the length of the
487  * bit string padded to a whole number of bytes plus:
488  * - 1 type byte;
489  * - 1 to 3 length bytes;
490  * - 0 to 1 bytes of leading 0 due to the sign bit.
491  */
492 #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
493  ((bits) / 8 + 5)
494 
495 /* Maximum size of the export encoding of an RSA public key.
496  * Assumes that the public exponent is less than 2^32.
497  *
498  * RSAPublicKey ::= SEQUENCE {
499  * modulus INTEGER, -- n
500  * publicExponent INTEGER } -- e
501  *
502  * - 4 bytes of SEQUENCE overhead;
503  * - n : INTEGER;
504  * - 7 bytes for the public exponent.
505  */
506 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
507  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
508 
509 /* Maximum size of the export encoding of an RSA key pair.
510  * Assumes thatthe public exponent is less than 2^32 and that the size
511  * difference between the two primes is at most 1 bit.
512  *
513  * RSAPrivateKey ::= SEQUENCE {
514  * version Version, -- 0
515  * modulus INTEGER, -- N-bit
516  * publicExponent INTEGER, -- 32-bit
517  * privateExponent INTEGER, -- N-bit
518  * prime1 INTEGER, -- N/2-bit
519  * prime2 INTEGER, -- N/2-bit
520  * exponent1 INTEGER, -- N/2-bit
521  * exponent2 INTEGER, -- N/2-bit
522  * coefficient INTEGER, -- N/2-bit
523  * }
524  *
525  * - 4 bytes of SEQUENCE overhead;
526  * - 3 bytes of version;
527  * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
528  * overapproximated as 9 half-size INTEGERS;
529  * - 7 bytes for the public exponent.
530  */
531 #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
532  (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
533 
534 /* Maximum size of the export encoding of a DSA public key.
535  *
536  * SubjectPublicKeyInfo ::= SEQUENCE {
537  * algorithm AlgorithmIdentifier,
538  * subjectPublicKey BIT STRING } -- contains DSAPublicKey
539  * AlgorithmIdentifier ::= SEQUENCE {
540  * algorithm OBJECT IDENTIFIER,
541  * parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
542  * DSAPublicKey ::= INTEGER -- public key, Y
543  *
544  * - 3 * 4 bytes of SEQUENCE overhead;
545  * - 1 + 1 + 7 bytes of algorithm (DSA OID);
546  * - 4 bytes of BIT STRING overhead;
547  * - 3 full-size INTEGERs (p, g, y);
548  * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
549  */
550 #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
551  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
552 
553 /* Maximum size of the export encoding of a DSA key pair.
554  *
555  * DSAPrivateKey ::= SEQUENCE {
556  * version Version, -- 0
557  * prime INTEGER, -- p
558  * subprime INTEGER, -- q
559  * generator INTEGER, -- g
560  * public INTEGER, -- y
561  * private INTEGER, -- x
562  * }
563  *
564  * - 4 bytes of SEQUENCE overhead;
565  * - 3 bytes of version;
566  * - 3 full-size INTEGERs (p, g, y);
567  * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
568  */
569 #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
570  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
571 
572 /* Maximum size of the export encoding of an ECC public key.
573  *
574  * The representation of an ECC public key is:
575  * - The byte 0x04;
576  * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
577  * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
578  * - where m is the bit size associated with the curve.
579  *
580  * - 1 byte + 2 * point size.
581  */
582 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
583  (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
584 
585 /* Maximum size of the export encoding of an ECC key pair.
586  *
587  * An ECC key pair is represented by the secret value.
588  */
589 #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
590  (PSA_BITS_TO_BYTES(key_bits))
591 
652 #define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
653  (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
654  (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
655  (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
656  (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
657  (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
658  PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
659  PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
660  0)
661 
662 #endif /* PSA_CRYPTO_SIZES_H */
config.h
Configuration options (set of defines)