mbed TLS v2.23.0
include
psa
crypto_sizes.h
Go to the documentation of this file.
1
23
/*
24
* Copyright (C) 2018, ARM Limited, All Rights Reserved
25
* SPDX-License-Identifier: Apache-2.0
26
*
27
* Licensed under the Apache License, Version 2.0 (the "License"); you may
28
* not use this file except in compliance with the License.
29
* You may obtain a copy of the License at
30
*
31
* http://www.apache.org/licenses/LICENSE-2.0
32
*
33
* Unless required by applicable law or agreed to in writing, software
34
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36
* See the License for the specific language governing permissions and
37
* limitations under the License.
38
*
39
* This file is part of mbed TLS (https://tls.mbed.org)
40
*/
41
42
#ifndef PSA_CRYPTO_SIZES_H
43
#define PSA_CRYPTO_SIZES_H
44
45
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
46
* in each of its header files. */
47
#if !defined(MBEDTLS_CONFIG_FILE)
48
#include "
mbedtls/config.h
"
49
#else
50
#include MBEDTLS_CONFIG_FILE
51
#endif
52
53
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
54
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
55
56
#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
57
(((length) + (block_size) - 1) / (block_size) * (block_size))
58
73
#define PSA_HASH_SIZE(alg) \
74
( \
75
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
76
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
77
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
78
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
79
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
80
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
81
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
82
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
83
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
84
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
85
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
86
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
87
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
88
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
89
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
90
0)
91
100
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
101
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
102
* HMAC-SHA3-512. */
103
#if defined(MBEDTLS_SHA512_C)
104
#define PSA_HASH_MAX_SIZE 64
105
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
106
#else
107
#define PSA_HASH_MAX_SIZE 32
108
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
109
#endif
110
119
/* All non-HMAC MACs have a maximum size that's smaller than the
120
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
121
/* Note that the encoding of truncated MAC algorithms limits this value
122
* to 64 bytes.
123
*/
124
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
125
141
#define PSA_AEAD_TAG_LENGTH(alg) \
142
(PSA_ALG_IS_AEAD(alg) ? \
143
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
144
0)
145
146
/* The maximum size of an RSA key on this implementation, in bits.
147
* This is a vendor-specific macro.
148
*
149
* Mbed TLS does not set a hard limit on the size of RSA keys: any key
150
* whose parameters fit in a bignum is accepted. However large keys can
151
* induce a large memory usage and long computation times. Unlike other
152
* auxiliary macros in this file and in crypto.h, which reflect how the
153
* library is configured, this macro defines how the library is
154
* configured. This implementation refuses to import or generate an
155
* RSA key whose size is larger than the value defined here.
156
*
157
* Note that an implementation may set different size limits for different
158
* operations, and does not need to accept all key sizes up to the limit. */
159
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
160
161
/* The maximum size of an ECC key on this implementation, in bits.
162
* This is a vendor-specific macro. */
163
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
164
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
165
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
166
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
167
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
168
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
169
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
170
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
171
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
172
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
173
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
174
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
175
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
176
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
177
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
178
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
179
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
180
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
181
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
182
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
183
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
184
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
185
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
186
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
187
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
188
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
189
#else
190
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
191
#endif
192
207
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
208
210
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
211
229
#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
230
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
231
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \
232
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
233
((void)(key_type), (void)(key_bits), 0))
234
254
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
255
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
256
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
257
0)
258
278
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
279
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
280
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
281
0)
282
302
/* For all the AEAD modes defined in this specification, it is possible
303
* to emit output without delay. However, hardware may not always be
304
* capable of this. So for modes based on a block cipher, allow the
305
* implementation to delay the output until it has a full block. */
306
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
307
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
308
PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \
309
(input_length))
310
329
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
330
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
331
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
332
0)
333
352
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
353
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
354
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
355
0)
356
357
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
358
(PSA_ALG_IS_RSA_OAEP(alg) ? \
359
2 * PSA_HASH_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
360
11
/*PKCS#1v1.5*/
)
361
370
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
371
(PSA_BITS_TO_BYTES(curve_bits) * 2)
372
399
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
400
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
401
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
402
((void)alg, 0))
403
404
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
405
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
406
415
#define PSA_SIGNATURE_MAX_SIZE \
416
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
417
PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
418
PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
419
446
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
447
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
448
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
449
0)
450
477
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
478
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
479
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
480
0)
481
482
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
483
* number of bits.
484
*
485
* This definition assumes that bits <= 2^19 - 9 so that the length field
486
* is at most 3 bytes. The length of the encoding is the length of the
487
* bit string padded to a whole number of bytes plus:
488
* - 1 type byte;
489
* - 1 to 3 length bytes;
490
* - 0 to 1 bytes of leading 0 due to the sign bit.
491
*/
492
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
493
((bits) / 8 + 5)
494
495
/* Maximum size of the export encoding of an RSA public key.
496
* Assumes that the public exponent is less than 2^32.
497
*
498
* RSAPublicKey ::= SEQUENCE {
499
* modulus INTEGER, -- n
500
* publicExponent INTEGER } -- e
501
*
502
* - 4 bytes of SEQUENCE overhead;
503
* - n : INTEGER;
504
* - 7 bytes for the public exponent.
505
*/
506
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
507
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
508
509
/* Maximum size of the export encoding of an RSA key pair.
510
* Assumes thatthe public exponent is less than 2^32 and that the size
511
* difference between the two primes is at most 1 bit.
512
*
513
* RSAPrivateKey ::= SEQUENCE {
514
* version Version, -- 0
515
* modulus INTEGER, -- N-bit
516
* publicExponent INTEGER, -- 32-bit
517
* privateExponent INTEGER, -- N-bit
518
* prime1 INTEGER, -- N/2-bit
519
* prime2 INTEGER, -- N/2-bit
520
* exponent1 INTEGER, -- N/2-bit
521
* exponent2 INTEGER, -- N/2-bit
522
* coefficient INTEGER, -- N/2-bit
523
* }
524
*
525
* - 4 bytes of SEQUENCE overhead;
526
* - 3 bytes of version;
527
* - 7 half-size INTEGERs plus 2 full-size INTEGERs,
528
* overapproximated as 9 half-size INTEGERS;
529
* - 7 bytes for the public exponent.
530
*/
531
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
532
(9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
533
534
/* Maximum size of the export encoding of a DSA public key.
535
*
536
* SubjectPublicKeyInfo ::= SEQUENCE {
537
* algorithm AlgorithmIdentifier,
538
* subjectPublicKey BIT STRING } -- contains DSAPublicKey
539
* AlgorithmIdentifier ::= SEQUENCE {
540
* algorithm OBJECT IDENTIFIER,
541
* parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
542
* DSAPublicKey ::= INTEGER -- public key, Y
543
*
544
* - 3 * 4 bytes of SEQUENCE overhead;
545
* - 1 + 1 + 7 bytes of algorithm (DSA OID);
546
* - 4 bytes of BIT STRING overhead;
547
* - 3 full-size INTEGERs (p, g, y);
548
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
549
*/
550
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
551
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
552
553
/* Maximum size of the export encoding of a DSA key pair.
554
*
555
* DSAPrivateKey ::= SEQUENCE {
556
* version Version, -- 0
557
* prime INTEGER, -- p
558
* subprime INTEGER, -- q
559
* generator INTEGER, -- g
560
* public INTEGER, -- y
561
* private INTEGER, -- x
562
* }
563
*
564
* - 4 bytes of SEQUENCE overhead;
565
* - 3 bytes of version;
566
* - 3 full-size INTEGERs (p, g, y);
567
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
568
*/
569
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
570
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
571
572
/* Maximum size of the export encoding of an ECC public key.
573
*
574
* The representation of an ECC public key is:
575
* - The byte 0x04;
576
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
577
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
578
* - where m is the bit size associated with the curve.
579
*
580
* - 1 byte + 2 * point size.
581
*/
582
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
583
(2 * PSA_BITS_TO_BYTES(key_bits) + 1)
584
585
/* Maximum size of the export encoding of an ECC key pair.
586
*
587
* An ECC key pair is represented by the secret value.
588
*/
589
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
590
(PSA_BITS_TO_BYTES(key_bits))
591
652
#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
653
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
654
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
655
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
656
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
657
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
658
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
659
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
660
0)
661
662
#endif
/* PSA_CRYPTO_SIZES_H */
config.h
Configuration options (set of defines)
Generated on Sun Jul 19 2020 13:15:47 for mbed TLS v2.23.0 by
1.8.18