1 /** 2 * \file pkwrite.h 3 * 4 * \brief Internal defines shared by the PK write module 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 */ 10 11 #ifndef MBEDTLS_PK_WRITE_H 12 #define MBEDTLS_PK_WRITE_H 13 14 #include "mbedtls/build_info.h" 15 16 #include "mbedtls/pk.h" 17 18 #if defined(MBEDTLS_USE_PSA_CRYPTO) 19 #include "psa/crypto.h" 20 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 21 22 /* 23 * Max sizes of key per types. Shown as tag + len (+ content). 24 */ 25 26 #if defined(MBEDTLS_RSA_C) 27 /* 28 * RSA public keys: 29 * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3 30 * algorithm AlgorithmIdentifier, 1 + 1 (sequence) 31 * + 1 + 1 + 9 (rsa oid) 32 * + 1 + 1 (params null) 33 * subjectPublicKey BIT STRING } 1 + 3 + (1 + below) 34 * RSAPublicKey ::= SEQUENCE { 1 + 3 35 * modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1 36 * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1 37 * } 38 */ 39 #define MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES (38 + 2 * MBEDTLS_MPI_MAX_SIZE) 40 41 /* 42 * RSA private keys: 43 * RSAPrivateKey ::= SEQUENCE { 1 + 3 44 * version Version, 1 + 1 + 1 45 * modulus INTEGER, 1 + 3 + MPI_MAX + 1 46 * publicExponent INTEGER, 1 + 3 + MPI_MAX + 1 47 * privateExponent INTEGER, 1 + 3 + MPI_MAX + 1 48 * prime1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1 49 * prime2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1 50 * exponent1 INTEGER, 1 + 3 + MPI_MAX / 2 + 1 51 * exponent2 INTEGER, 1 + 3 + MPI_MAX / 2 + 1 52 * coefficient INTEGER, 1 + 3 + MPI_MAX / 2 + 1 53 * otherPrimeInfos OtherPrimeInfos OPTIONAL 0 (not supported) 54 * } 55 */ 56 #define MBEDTLS_MPI_MAX_SIZE_2 (MBEDTLS_MPI_MAX_SIZE / 2 + \ 57 MBEDTLS_MPI_MAX_SIZE % 2) 58 #define MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES (47 + 3 * MBEDTLS_MPI_MAX_SIZE \ 59 + 5 * MBEDTLS_MPI_MAX_SIZE_2) 60 61 #else /* MBEDTLS_RSA_C */ 62 63 #define MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES 0 64 #define MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES 0 65 66 #endif /* MBEDTLS_RSA_C */ 67 68 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 69 70 /* Find the maximum number of bytes necessary to store an EC point. When USE_PSA 71 * is defined this means looking for the maximum between PSA and built-in 72 * supported curves. */ 73 #if defined(MBEDTLS_USE_PSA_CRYPTO) 74 #define MBEDTLS_PK_MAX_ECC_BYTES (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ 75 MBEDTLS_ECP_MAX_BYTES ? \ 76 PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \ 77 MBEDTLS_ECP_MAX_BYTES) 78 #else /* MBEDTLS_USE_PSA_CRYPTO */ 79 #define MBEDTLS_PK_MAX_ECC_BYTES MBEDTLS_ECP_MAX_BYTES 80 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 81 82 /* 83 * EC public keys: 84 * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2 85 * algorithm AlgorithmIdentifier, 1 + 1 (sequence) 86 * + 1 + 1 + 7 (ec oid) 87 * + 1 + 1 + 9 (namedCurve oid) 88 * subjectPublicKey BIT STRING 1 + 2 + 1 [1] 89 * + 1 (point format) [1] 90 * + 2 * ECP_MAX (coords) [1] 91 * } 92 */ 93 #define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_PK_MAX_ECC_BYTES) 94 95 /* 96 * EC private keys: 97 * ECPrivateKey ::= SEQUENCE { 1 + 2 98 * version INTEGER , 1 + 1 + 1 99 * privateKey OCTET STRING, 1 + 1 + ECP_MAX 100 * parameters [0] ECParameters OPTIONAL, 1 + 1 + (1 + 1 + 9) 101 * publicKey [1] BIT STRING OPTIONAL 1 + 2 + [1] above 102 * } 103 */ 104 #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_PK_MAX_ECC_BYTES) 105 106 #else /* MBEDTLS_PK_HAVE_ECC_KEYS */ 107 108 #define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0 109 #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0 110 111 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 112 113 /* Define the maximum available public key DER length based on the supported 114 * key types (EC and/or RSA). */ 115 #if (MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES) 116 #define MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES 117 #else 118 #define MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 119 #endif 120 121 #endif /* MBEDTLS_PK_WRITE_H */ 122