Platform Security Architecture — cryptography and keystore interface
Working draft
psa
crypto_sizes.h
Go to the documentation of this file.
1
23
/*
24
* Copyright (C) 2018, ARM Limited, All Rights Reserved
25
* SPDX-License-Identifier: Apache-2.0
26
*
27
* Licensed under the Apache License, Version 2.0 (the "License"); you may
28
* not use this file except in compliance with the License.
29
* You may obtain a copy of the License at
30
*
31
* http://www.apache.org/licenses/LICENSE-2.0
32
*
33
* Unless required by applicable law or agreed to in writing, software
34
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36
* See the License for the specific language governing permissions and
37
* limitations under the License.
38
*
39
* This file is part of mbed TLS (https://tls.mbed.org)
40
*/
41
42
#ifndef PSA_CRYPTO_SIZES_H
43
#define PSA_CRYPTO_SIZES_H
44
45
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
46
* in each of its header files. */
47
#if !defined(MBEDTLS_CONFIG_FILE)
48
#include "../mbedtls/config.h"
49
#else
50
#include MBEDTLS_CONFIG_FILE
51
#endif
52
61
#if defined(MBEDTLS_SHA512_C)
62
#define PSA_HASH_MAX_SIZE 64
63
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
64
#else
65
#define PSA_HASH_MAX_SIZE 32
66
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
67
#endif
68
77
/* All non-HMAC MACs have a maximum size that's smaller than the
78
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
79
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
80
81
/* The maximum size of an RSA key on this implementation, in bits.
82
* This is a vendor-specific macro.
83
*
84
* Mbed TLS does not set a hard limit on the size of RSA keys: any key
85
* whose parameters fit in a bignum is accepted. However large keys can
86
* induce a large memory usage and long computation times. Unlike other
87
* auxiliary macros in this file and in crypto.h, which reflect how the
88
* library is configured, this macro defines how the library is
89
* configured. This implementation refuses to import or generate an
90
* RSA key whose size is larger than the value defined here.
91
*
92
* Note that an implementation may set different size limits for different
93
* operations, and does not need to accept all key sizes up to the limit. */
94
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
95
96
/* The maximum size of an ECC key on this implementation, in bits.
97
* This is a vendor-specific macro. */
98
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
99
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
100
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
101
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
102
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
103
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
104
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
105
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
106
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
107
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
108
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
109
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
110
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
111
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
112
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
113
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
114
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
115
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
116
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
117
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
118
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
119
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
120
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
121
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
122
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
123
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
124
#else
125
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
126
#endif
127
136
#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
137
PSA_BITS_TO_BYTES( \
138
PSA_VENDOR_RSA_MAX_KEY_BITS > PSA_VENDOR_ECC_MAX_CURVE_BITS ? \
139
PSA_VENDOR_RSA_MAX_KEY_BITS : \
140
PSA_VENDOR_ECC_MAX_CURVE_BITS \
141
)
142
143
144
162
#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
163
(PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_HASH(alg)) : \
164
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
165
0)
166
186
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
187
(PSA_AEAD_TAG_SIZE(alg) != 0 ? \
188
(plaintext_length) + PSA_AEAD_TAG_SIZE(alg) : \
189
0)
190
210
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
211
(PSA_AEAD_TAG_SIZE(alg) != 0 ? \
212
(plaintext_length) - PSA_AEAD_TAG_SIZE(alg) : \
213
0)
214
241
#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
242
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
243
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
244
((void)alg, 0))
245
272
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
273
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
274
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
275
0)
276
303
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
304
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
305
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
306
0)
307
308
#endif
/* PSA_CRYPTO_SIZES_H */
Generated by
1.8.13