Platform Security Architecture — cryptography and keystore interface  Working draft
crypto_sizes.h
Go to the documentation of this file.
1 
23 /*
24  * Copyright (C) 2018, ARM Limited, All Rights Reserved
25  * SPDX-License-Identifier: Apache-2.0
26  *
27  * Licensed under the Apache License, Version 2.0 (the "License"); you may
28  * not use this file except in compliance with the License.
29  * You may obtain a copy of the License at
30  *
31  * http://www.apache.org/licenses/LICENSE-2.0
32  *
33  * Unless required by applicable law or agreed to in writing, software
34  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36  * See the License for the specific language governing permissions and
37  * limitations under the License.
38  *
39  * This file is part of mbed TLS (https://tls.mbed.org)
40  */
41 
42 #ifndef PSA_CRYPTO_SIZES_H
43 #define PSA_CRYPTO_SIZES_H
44 
45 /* Include the Mbed TLS configuration file, the way Mbed TLS does it
46  * in each of its header files. */
47 #if !defined(MBEDTLS_CONFIG_FILE)
48 #include "../mbedtls/config.h"
49 #else
50 #include MBEDTLS_CONFIG_FILE
51 #endif
52 
61 #if defined(MBEDTLS_SHA512_C)
62 #define PSA_HASH_MAX_SIZE 64
63 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
64 #else
65 #define PSA_HASH_MAX_SIZE 32
66 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
67 #endif
68 
77 /* All non-HMAC MACs have a maximum size that's smaller than the
78  * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
79 #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
80 
81 /* The maximum size of an RSA key on this implementation, in bits.
82  * This is a vendor-specific macro.
83  *
84  * Mbed TLS does not set a hard limit on the size of RSA keys: any key
85  * whose parameters fit in a bignum is accepted. However large keys can
86  * induce a large memory usage and long computation times. Unlike other
87  * auxiliary macros in this file and in crypto.h, which reflect how the
88  * library is configured, this macro defines how the library is
89  * configured. This implementation refuses to import or generate an
90  * RSA key whose size is larger than the value defined here.
91  *
92  * Note that an implementation may set different size limits for different
93  * operations, and does not need to accept all key sizes up to the limit. */
94 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
95 
96 /* The maximum size of an ECC key on this implementation, in bits.
97  * This is a vendor-specific macro. */
98 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
99 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
100 #elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
101 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
102 #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
103 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
104 #elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
105 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
106 #elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
107 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
108 #elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
109 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
110 #elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
111 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
112 #elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
113 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
114 #elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
115 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
116 #elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
117 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
118 #elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
119 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
120 #elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
121 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
122 #elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
123 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
124 #else
125 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
126 #endif
127 
136 #define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
137  PSA_BITS_TO_BYTES( \
138  PSA_VENDOR_RSA_MAX_KEY_BITS > PSA_VENDOR_ECC_MAX_CURVE_BITS ? \
139  PSA_VENDOR_RSA_MAX_KEY_BITS : \
140  PSA_VENDOR_ECC_MAX_CURVE_BITS \
141  )
142 
143 
144 
162 #define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) \
163  (PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_HASH(alg)) : \
164  PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
165  0)
166 
186 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
187  (PSA_AEAD_TAG_SIZE(alg) != 0 ? \
188  (plaintext_length) + PSA_AEAD_TAG_SIZE(alg) : \
189  0)
190 
210 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
211  (PSA_AEAD_TAG_SIZE(alg) != 0 ? \
212  (plaintext_length) - PSA_AEAD_TAG_SIZE(alg) : \
213  0)
214 
241 #define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
242  (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
243  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
244  ((void)alg, 0))
245 
272 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
273  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
274  ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
275  0)
276 
303 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
304  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
305  PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
306  0)
307 
308 #endif /* PSA_CRYPTO_SIZES_H */