corePKCS11 v3.4.0
PKCS #11 Cryptoki Library
PKCS #11 Implementation Macros

Macros for PKCS #11 software implementation.

Macros

#define FAILURE   ( -1 )
 Failure value for PKI utils functions.
 
#define pkcs11MUTEX_WAIT_MS   ( pdMS_TO_TICKS( 5000U ) )
 Delay to wait on acquiring a mutex, in ms.
 
#define pkcs11NO_OPERATION   ( ( CK_MECHANISM_TYPE ) 0xFFFFFFFFUL )
 Indicates that no PKCS #11 operation is underway for given session.
 
#define pkcs11_PRIVATE_EC_PRIME_256_DER_SIZE   160
 Size of a prime256v1 EC private key in bytes, when encoded in DER.
 
#define pkcs11_PUBLIC_EC_PRIME_256_DER_SIZE   100
 Size of a prime256v1 EC public key in bytes, when encoded in DER.
 
#define pkcs11_PUBLIC_RSA_2048_DER_SIZE   300
 Size of a 2048 bit RSA public key in bytes, when encoded in DER.
 
#define pkcs11_PRIVATE_RSA_2048_DER_SIZE   1200
 Size of a 2048 bit RSA private key in bytes, in DER encoding.
 
#define pkcs11_MAX_EC_PUBLIC_KEY_DER_SIZE   pkcs11_PUBLIC_EC_PRIME_256_DER_SIZE
 Max size of an EC public key in bytes, in DER encoding.
 
#define pkcs11_MAX_EC_PRIVATE_KEY_DER_SIZE   pkcs11_PRIVATE_EC_PRIME_256_DER_SIZE
 Max size of an EC private key in bytes, in DER encoding.
 
#define pkcs11EC_POINT_LENGTH   ( ( 32UL * 2UL ) + 1UL + 1UL + 1UL )
 Length, in bytes, of a buffer that contains an EC point.
 
#define pkcs11_MAX_PUBLIC_KEY_DER_SIZE   pkcs11_PUBLIC_RSA_2048_DER_SIZE
 Max size of a public key. This macro defines the size of a key in bytes, in DER encoding.
 
#define pkcs11_MAX_PRIVATE_KEY_DER_SIZE   pkcs11_PRIVATE_RSA_2048_DER_SIZE
 Max size of a private key. This macro defines the size of a key in bytes, in DER format.
 
#define pkcs11KEY_GEN_MAX_DER_SIZE   200
 The size of the buffer malloc'ed for the exported public key in C_GenerateKeyPair.
 
#define pkcs11SLOT_ID   1
 The slot ID to be returned by this PKCS #11 implementation.
 
#define LABEL_IN_TEMPLATE   ( 1U )
 Private defines for checking that attribute templates are complete.
 
#define PKCS11_INVALID_KEY_TYPE   ( ( CK_KEY_TYPE ) 0xFFFFFFFFUL )
 Macro to signify an invalid PKCS #11 key type.
 
#define PKCS11_SHA256_HMAC_MIN_SIZE   ( 32UL )
 Private define for minimum SHA256-HMAC key size.
 
#define PKCS11_AES_CMAC_MIN_SIZE   ( 16UL )
 Private define for minimum AES-CMAC key size, in bytes.
 
#define PKCS11_USING_HMAC   ( 1 )
 Private define to inform mbedtls MD module to use an HMAC for the MD context.
 

Detailed Description

Macros for PKCS #11 software implementation.

Macro Definition Documentation

◆ pkcs11EC_POINT_LENGTH

#define pkcs11EC_POINT_LENGTH   ( ( 32UL * 2UL ) + 1UL + 1UL + 1UL )

Length, in bytes, of a buffer that contains an EC point.

This port currently only uses prime256v1, in which the fields are 32 bytes in length. The public EC point is as long as the curve's fields * 2 + 1, so the EC point for this port is (32 * 2) + 1 bytes in length.

mbed TLS encodes the length of the point in the first byte of the buffer it receives, so an additional 1 byte in length is added to account for this.

A further 1 byte is added to store information indicating that the point is uncompressed.

Note
This length needs to be updated if using a different curve.

To summarize: 2 field elements of 32 bytes each + 1 point length byte, 1 length byte, and 1 type (uncompressed) byte.
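
The 67-byte budget above can be checked with a small encoder and a strict decoder. This is an added example, not code from corePKCS11: it assumes the PKCS #11 `CKA_EC_POINT` layout of a DER OCTET STRING (tag, length) wrapping an uncompressed X9.62 point, and `ec_point_encode`, `ec_point_decode` and the three helper constants are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Copied from the page; every other name in this block is hypothetical. */
#define pkcs11EC_POINT_LENGTH    ( ( 32UL * 2UL ) + 1UL + 1UL + 1UL )

#define P256_FIELD_LEN           32U   /* prime256v1 coordinate size in bytes */
#define DER_OCTET_STRING_TAG     0x04U /* ASN.1 OCTET STRING tag */
#define EC_POINT_UNCOMPRESSED    0x04U /* X9.62 uncompressed-point marker */

/* Write tag | length | 0x04 | X | Y into out (assumed layout).
 * Returns the number of bytes written, or 0 if the buffer is too small. */
size_t ec_point_encode( const uint8_t x[ P256_FIELD_LEN ],
                        const uint8_t y[ P256_FIELD_LEN ],
                        uint8_t * out, size_t out_len )
{
    if( ( out == NULL ) || ( out_len < pkcs11EC_POINT_LENGTH ) )
    {
        return 0;
    }
    out[ 0 ] = DER_OCTET_STRING_TAG;
    out[ 1 ] = ( uint8_t ) ( 1U + ( 2U * P256_FIELD_LEN ) ); /* 0x41 */
    out[ 2 ] = EC_POINT_UNCOMPRESSED;
    memcpy( &out[ 3 ], x, P256_FIELD_LEN );
    memcpy( &out[ 3 + P256_FIELD_LEN ], y, P256_FIELD_LEN );
    return ( size_t ) pkcs11EC_POINT_LENGTH;
}

/* Check the total length and all three header bytes before copying X and Y
 * out, so a truncated or compressed point is rejected instead of over-read.
 * Returns 0 on success, -1 on any mismatch. */
int ec_point_decode( const uint8_t * in, size_t in_len,
                     uint8_t x[ P256_FIELD_LEN ], uint8_t y[ P256_FIELD_LEN ] )
{
    if( ( in == NULL ) || ( in_len != pkcs11EC_POINT_LENGTH ) )
    {
        return -1;
    }
    if( ( in[ 0 ] != DER_OCTET_STRING_TAG ) ||
        ( in[ 1 ] != ( 1U + ( 2U * P256_FIELD_LEN ) ) ) ||
        ( in[ 2 ] != EC_POINT_UNCOMPRESSED ) )
    {
        return -1;
    }
    memcpy( x, &in[ 3 ], P256_FIELD_LEN );
    memcpy( y, &in[ 3 + P256_FIELD_LEN ], P256_FIELD_LEN );
    return 0;
}
```

A caller that sizes its buffer with a smaller constant, or adopts a curve with longer fields without updating the macro, gets a 0 or -1 return here rather than a write past the end of the buffer.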

◆ pkcs11_MAX_PUBLIC_KEY_DER_SIZE

#define pkcs11_MAX_PUBLIC_KEY_DER_SIZE   pkcs11_PUBLIC_RSA_2048_DER_SIZE

Max size of a public key. This macro defines the size of a key in bytes, in DER encoding.

Note
The largest RSA public key is used because EC keys are smaller.

◆ pkcs11_MAX_PRIVATE_KEY_DER_SIZE

#define pkcs11_MAX_PRIVATE_KEY_DER_SIZE   pkcs11_PRIVATE_RSA_2048_DER_SIZE

Max size of a private key. This macro defines the size of a key in bytes, in DER format.

Currently the largest key type supported by this port is a 2048 bit RSA private key.

Note
The largest RSA private key is used because EC keys are smaller and the RSA public key is smaller.

◆ pkcs11SLOT_ID

#define pkcs11SLOT_ID   1

The slot ID to be returned by this PKCS #11 implementation.

Note
This implementation does not have a concept of "slots", so this number is arbitrary.

◆ LABEL_IN_TEMPLATE

#define LABEL_IN_TEMPLATE   ( 1U )

Private defines for checking that attribute templates are complete.

Bit set for label in template.