From d246435f4f3ca64ea660e6636d88aa6911fe072d Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Mon, 3 Apr 2017 22:24:01 -0400 Subject: PKCS #8 bumps max key buffer size up by a few bytes. --- hal_internal.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'hal_internal.h') diff --git a/hal_internal.h b/hal_internal.h index 40a600c..65f6ae7 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -317,15 +317,16 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc) } /* - * Sizes for ASN.1-encoded keys, this may not be exact due to ASN.1 - * INTEGER encoding rules but should be good enough for buffer sizing: + * Sizes for PKCS #8 encoded private keys. This may not be exact due + * to ASN.1 INTEGER encoding rules, but should be good enough for + * buffer sizing. * - * 2048-bit RSA: 1194 bytes - * 4096-bit RSA: 2351 bytes - * 8192-bit RSA: 4655 bytes - * EC P-256: 121 bytes - * EC P-384: 167 bytes - * EC P-521: 223 bytes + * 2048-bit RSA: 1219 bytes + * 4096-bit RSA: 2373 bytes + * 8192-bit RSA: 4679 bytes + * EC P-256: 138 bytes + * EC P-384: 185 bytes + * EC P-521: 240 bytes * * Plus we need a bit of AES-keywrap overhead, since we're storing the * wrapped form (see hal_aes_keywrap_cyphertext_length()). @@ -338,7 +339,7 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc) * moment we take the easy way out and cap this at 4096-bit RSA. */ -#define HAL_KS_WRAPPED_KEYSIZE ((2351 + 15) & ~7) +#define HAL_KS_WRAPPED_KEYSIZE ((2373 + 15) & ~7) /* * PINs. -- cgit v1.2.3