Skip to main content

trussed_core/
config.rs

1// `mldsa44` bumps this so trussed's sign() Message can carry WebAuthn's
2// `auth_data ‖ client_data_hash` commitment when auth_data embeds an
3// ML-DSA-44 public key (~1577 B + 32 = ~1609 B). The unfeatured 1024
4// stays the same so stock interchange buffers don't grow.
5#[cfg(feature = "mldsa44")]
6pub const MAX_MESSAGE_LENGTH: usize = 2048;
7#[cfg(not(feature = "mldsa44"))]
8pub const MAX_MESSAGE_LENGTH: usize = 1024;
9pub const MAX_MEDIUM_DATA_LENGTH: usize = 256;
10pub const MAX_SHORT_DATA_LENGTH: usize = 128;
11
12// ML-DSA-44 signatures are 2420 bytes; everything else stays at 1024. Gating
13// the bump avoids growing every interchange buffer (`Reply::Sign`,
14// `Request::Verify`, …) when the feature is off.
15#[cfg(feature = "mldsa44")]
16pub const MAX_SIGNATURE_LENGTH: usize = 2432;
17#[cfg(not(feature = "mldsa44"))]
18pub const MAX_SIGNATURE_LENGTH: usize = 1024;
19
20// FIXME: Value from https://stackoverflow.com/questions/5403808/private-key-length-bytes for Rsa2048 Private key
21pub const MAX_KEY_MATERIAL_LENGTH: usize = 1160 * 2 + 72;
22pub const MAX_USER_ATTRIBUTE_LENGTH: usize = 256;
23
24// request size is chosen to not exceed the largest standard syscall, Decrypt, so that the Request
25// enum does not grow from this variant
26pub const SERDE_EXTENSION_REQUEST_LENGTH: usize =
27    2 * MAX_MESSAGE_LENGTH + 2 * MAX_SHORT_DATA_LENGTH;
28// reply size is chosen to not exceed the largest standard syscall, Encrypt, so that the Reply enum
29// does not grow from this variant
30pub const SERDE_EXTENSION_REPLY_LENGTH: usize = MAX_MESSAGE_LENGTH + 2 * MAX_SHORT_DATA_LENGTH;