Platform Security Architecture — cryptography and keystore interface
beta 2 — 2019-02-22
Main Page
Modules
Classes
Files
File List
File Members
psa
crypto_sizes.h
Go to the documentation of this file.
1
23
/*
24
* Copyright (C) 2018, ARM Limited, All Rights Reserved
25
* SPDX-License-Identifier: Apache-2.0
26
*
27
* Licensed under the Apache License, Version 2.0 (the "License"); you may
28
* not use this file except in compliance with the License.
29
* You may obtain a copy of the License at
30
*
31
* http://www.apache.org/licenses/LICENSE-2.0
32
*
33
* Unless required by applicable law or agreed to in writing, software
34
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36
* See the License for the specific language governing permissions and
37
* limitations under the License.
38
*
39
* This file is part of mbed TLS (https://tls.mbed.org)
40
*/
41
42
#ifndef PSA_CRYPTO_SIZES_H
43
#define PSA_CRYPTO_SIZES_H
44
45
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
46
* in each of its header files. */
47
#if !defined(MBEDTLS_CONFIG_FILE)
48
#include "../mbedtls/config.h"
49
#else
50
#include MBEDTLS_CONFIG_FILE
51
#endif
52
53
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
54
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
55
70
#define PSA_HASH_SIZE(alg) \
71
( \
72
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
73
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
74
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
75
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
76
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
77
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
78
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
79
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
80
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
81
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
82
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
83
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
84
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
85
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
86
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
87
0)
88
97
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
98
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
99
* HMAC-SHA3-512. */
100
#if defined(MBEDTLS_SHA512_C)
101
#define PSA_HASH_MAX_SIZE 64
102
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
103
#else
104
#define PSA_HASH_MAX_SIZE 32
105
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
106
#endif
107
116
/* All non-HMAC MACs have a maximum size that's smaller than the
117
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
118
/* Note that the encoding of truncated MAC algorithms limits this value
119
* to 64 bytes.
120
*/
121
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
122
138
#define PSA_AEAD_TAG_LENGTH(alg) \
139
(PSA_ALG_IS_AEAD(alg) ? \
140
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
141
0)
142
143
/* The maximum size of an RSA key on this implementation, in bits.
144
* This is a vendor-specific macro.
145
*
146
* Mbed TLS does not set a hard limit on the size of RSA keys: any key
147
* whose parameters fit in a bignum is accepted. However large keys can
148
* induce a large memory usage and long computation times. Unlike other
149
* auxiliary macros in this file and in crypto.h, which reflect how the
150
* library is configured, this macro defines how the library is
151
* configured. This implementation refuses to import or generate an
152
* RSA key whose size is larger than the value defined here.
153
*
154
* Note that an implementation may set different size limits for different
155
* operations, and does not need to accept all key sizes up to the limit. */
156
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
157
158
/* The maximum size of an ECC key on this implementation, in bits.
159
* This is a vendor-specific macro. */
160
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
161
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
162
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
163
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
164
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
165
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
166
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
167
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
168
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
169
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
170
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
171
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
172
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
173
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
174
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
175
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
176
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
177
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
178
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
179
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
180
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
181
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
182
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
183
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
184
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
185
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
186
#else
187
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
188
#endif
189
204
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128
205
214
#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
215
PSA_BITS_TO_BYTES( \
216
PSA_VENDOR_RSA_MAX_KEY_BITS > PSA_VENDOR_ECC_MAX_CURVE_BITS ? \
217
PSA_VENDOR_RSA_MAX_KEY_BITS : \
218
PSA_VENDOR_ECC_MAX_CURVE_BITS \
219
)
220
222
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16
223
241
#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
242
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
243
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \
244
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
245
((void)(key_type), (void)(key_bits), 0))
246
266
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
267
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
268
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
269
0)
270
289
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
290
((size_t)0)
291
311
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
312
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
313
(plaintext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
314
0)
315
316
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
317
(PSA_ALG_IS_RSA_OAEP(alg) ? \
318
2 * PSA_HASH_FINAL_SIZE(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
319
11
/*PKCS#1v1.5*/
)
320
329
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
330
(PSA_BITS_TO_BYTES(curve_bits) * 2)
331
358
#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
359
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
360
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
361
((void)alg, 0))
362
389
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
390
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
391
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
392
0)
393
420
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
421
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
422
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
423
0)
424
425
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
426
* number of bits.
427
*
428
* This definition assumes that bits <= 2^19 - 9 so that the length field
429
* is at most 3 bytes. The length of the encoding is the length of the
430
* bit string padded to a whole number of bytes plus:
431
* - 1 type byte;
432
* - 1 to 3 length bytes;
433
* - 0 to 1 bytes of leading 0 due to the sign bit.
434
*/
435
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
436
((bits) / 8 + 5)
437
438
/* Maximum size of the export encoding of an RSA public key.
439
* Assumes that the public exponent is less than 2^32.
440
*
441
* SubjectPublicKeyInfo ::= SEQUENCE {
442
* algorithm AlgorithmIdentifier,
443
* subjectPublicKey BIT STRING } -- contains RSAPublicKey
444
* AlgorithmIdentifier ::= SEQUENCE {
445
* algorithm OBJECT IDENTIFIER,
446
* parameters NULL }
447
* RSAPublicKey ::= SEQUENCE {
448
* modulus INTEGER, -- n
449
* publicExponent INTEGER } -- e
450
*
451
* - 3 * 4 bytes of SEQUENCE overhead;
452
* - 1 + 1 + 9 bytes of algorithm (RSA OID);
453
* - 2 bytes of NULL;
454
* - 4 bytes of BIT STRING overhead;
455
* - n : INTEGER;
456
* - 7 bytes for the public exponent.
457
*/
458
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
459
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 36)
460
461
/* Maximum size of the export encoding of an RSA key pair.
462
* Assumes thatthe public exponent is less than 2^32 and that the size
463
* difference between the two primes is at most 1 bit.
464
*
465
* RSAPrivateKey ::= SEQUENCE {
466
* version Version, -- 0
467
* modulus INTEGER, -- N-bit
468
* publicExponent INTEGER, -- 32-bit
469
* privateExponent INTEGER, -- N-bit
470
* prime1 INTEGER, -- N/2-bit
471
* prime2 INTEGER, -- N/2-bit
472
* exponent1 INTEGER, -- N/2-bit
473
* exponent2 INTEGER, -- N/2-bit
474
* coefficient INTEGER, -- N/2-bit
475
* }
476
*
477
* - 4 bytes of SEQUENCE overhead;
478
* - 3 bytes of version;
479
* - 7 half-size INTEGERs plus 2 full-size INTEGERs,
480
* overapproximated as 9 half-size INTEGERS;
481
* - 7 bytes for the public exponent.
482
*/
483
#define PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) \
484
(9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
485
486
/* Maximum size of the export encoding of a DSA public key.
487
*
488
* SubjectPublicKeyInfo ::= SEQUENCE {
489
* algorithm AlgorithmIdentifier,
490
* subjectPublicKey BIT STRING } -- contains DSAPublicKey
491
* AlgorithmIdentifier ::= SEQUENCE {
492
* algorithm OBJECT IDENTIFIER,
493
* parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
494
* DSAPublicKey ::= INTEGER -- public key, Y
495
*
496
* - 3 * 4 bytes of SEQUENCE overhead;
497
* - 1 + 1 + 7 bytes of algorithm (DSA OID);
498
* - 4 bytes of BIT STRING overhead;
499
* - 3 full-size INTEGERs (p, g, y);
500
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
501
*/
502
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
503
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
504
505
/* Maximum size of the export encoding of a DSA key pair.
506
*
507
* DSAPrivateKey ::= SEQUENCE {
508
* version Version, -- 0
509
* prime INTEGER, -- p
510
* subprime INTEGER, -- q
511
* generator INTEGER, -- g
512
* public INTEGER, -- y
513
* private INTEGER, -- x
514
* }
515
*
516
* - 4 bytes of SEQUENCE overhead;
517
* - 3 bytes of version;
518
* - 3 full-size INTEGERs (p, g, y);
519
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
520
*/
521
#define PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) \
522
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
523
524
/* Maximum size of the export encoding of an ECC public key.
525
*
526
* SubjectPublicKeyInfo ::= SEQUENCE {
527
* algorithm AlgorithmIdentifier,
528
* subjectPublicKey BIT STRING } -- contains ECPoint
529
* AlgorithmIdentifier ::= SEQUENCE {
530
* algorithm OBJECT IDENTIFIER,
531
* parameters OBJECT IDENTIFIER } -- namedCurve
532
* ECPoint ::= ...
533
* -- first 8 bits: 0x04;
534
* -- then x_P as a `ceiling(m/8)`-byte string, big endian;
535
* -- then y_P as a `ceiling(m/8)`-byte string, big endian;
536
* -- where `m` is the bit size associated with the curve.
537
*
538
* - 2 * 4 bytes of SEQUENCE overhead;
539
* - 1 + 1 + 7 bytes of algorithm (id-ecPublicKey OID);
540
* - 1 + 1 + 12 bytes of namedCurve OID;
541
* - 4 bytes of BIT STRING overhead;
542
* - 1 byte + 2 * point size in ECPoint.
543
*/
544
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
545
(2 * PSA_BITS_TO_BYTES(key_bits) + 36)
546
547
/* Maximum size of the export encoding of an ECC key pair.
548
*
549
* An ECC key pair is represented by the secret value.
550
*/
551
#define PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) \
552
(PSA_BITS_TO_BYTES(key_bits))
553
610
#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) \
611
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
612
(key_type) == PSA_KEY_TYPE_RSA_KEYPAIR ? PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) : \
613
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
614
(key_type) == PSA_KEY_TYPE_DSA_KEYPAIR ? PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) : \
615
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
616
PSA_KEY_TYPE_IS_ECC_KEYPAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) : \
617
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
618
0)
619
620
#endif
/* PSA_CRYPTO_SIZES_H */
Generated by
1.8.11