tlslimits.h

Go to the documentation of this file.

/* 2020-2026 Quantum Resistant Cryptographic Solutions Corporation
 * All Rights Reserved.
 *
 * NOTICE:
 * This software and all accompanying materials are the exclusive property of
 * Quantum Resistant Cryptographic Solutions Corporation (QRCS). The intellectual
 * and technical concepts contained herein are proprietary to QRCS and are
 * protected under applicable Canadian, U.S., and international copyright,
 * patent, and trade secret laws.
 *
 * CRYPTOGRAPHIC ALGORITHMS AND IMPLEMENTATIONS:
 * - This software includes implementations of cryptographic primitives and
 *   algorithms that are standardized or in the public domain, such as AES
 *   and SHA-3, which are not proprietary to QRCS.
 * - This software also includes cryptographic primitives, constructions, and
 *   algorithms designed by QRCS, including but not limited to RCS, SCB, CSX, QMAC, and
 *   related components, which are proprietary to QRCS.
 * - All source code, implementations, protocol compositions, optimizations,
 *   parameter selections, and engineering work contained in this software are
 *   original works of QRCS and are protected under this license.
 *
 * LICENSE AND USE RESTRICTIONS:
 * - This software is licensed under the Quantum Resistant Cryptographic Solutions
 *   Public Research and Evaluation License (QRCS-PREL), 2025-2026.
 * - Permission is granted solely for non-commercial evaluation, academic research,
 *   cryptographic analysis, interoperability testing, and feasibility assessment.
 * - Commercial use, production deployment, commercial redistribution, or
 *   integration into products or services is strictly prohibited without a
 *   separate written license agreement executed with QRCS.
 * - Licensing and authorized distribution are solely at the discretion of QRCS.
 *
 * EXPERIMENTAL CRYPTOGRAPHY NOTICE:
 * Portions of this software may include experimental, novel, or evolving
 * cryptographic designs. Use of this software is entirely at the user's risk.
 *
 * DISCLAIMER:
 * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
 * FOR A PARTICULAR PURPOSE, SECURITY, OR NON-INFRINGEMENT. QRCS DISCLAIMS ALL
 * LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
 * ARISING FROM THE USE OR MISUSE OF THIS SOFTWARE.
 *
 * FULL LICENSE:
 * This software is subject to the Quantum Resistant Cryptographic Solutions
 * Public Research and Evaluation License (QRCS-PREL), 2025-2026. The complete license terms
 * are provided in the accompanying LICENSE file or at https://www.qrcscorp.ca.
 *
 * Written by: John G. Underhill
 * Contact: contact@qrcscorp.ca
 */
 
#ifndef QSC_TLS_LIMITS_H
#define QSC_TLS_LIMITS_H
 
#include "qsccommon.h"
#include "tlsdefs.h"
#include "kyber.h"
#include "dilithium.h"
 
QSC_CPLUSPLUS_ENABLED_START

 
/* Record and stream limits */
#define QSC_TLS_MAX_RECORD_SIZE 18432U

#define QSC_TLS_STREAM_BUFFER_MAX_SIZE (QSC_TLS_MAX_RECORD_SIZE * 4U)

#define QSC_TLS_MAX_PLAINTEXT_SIZE 16384U

#define QSC_TLS_RECORD_MAX_PLAINTEXT_SIZE QSC_TLS_MAX_PLAINTEXT_SIZE

#define QSC_TLS_RECORD_MAX_INNER_SIZE (QSC_TLS_MAX_PLAINTEXT_SIZE + QSC_TLS_INNER_CONTENT_TYPE_SIZE)
 
/* Registry and identifier limits */
#define QSC_TLS_MAX_GROUPS 16U

#define QSC_TLS_MAX_SIGNATURE_SCHEMES 24U

#define QSC_TLS_MAX_CIPHER_SUITES 16U

#define QSC_TLS_MAX_HOSTNAME_SIZE 255U

#define QSC_TLS_MAX_ALPN_SIZE 255U

#define QSC_TLS_MAX_ALPN_PROTOCOLS 8U

#define QSC_TLS_MAX_SERVER_IDENTITIES 4U
 
/* Certificate and handshake message limits */
#define QSC_TLS_CERTIFICATE_REQUEST_CONTEXT_MAX_SIZE 255U

#define QSC_TLS_CERTIFICATE_LIST_MAX_ENTRIES 8U

#define QSC_TLS_CERTIFICATE_MAX_SIZE 65535U

#define QSC_TLS_HANDSHAKE_FINISHED_MAX_SIZE 64U

#define QSC_TLS_MAX_PSK_IDENTITIES 4U

#define QSC_TLS_TICKET_MAX_SIZE 1024U

#define QSC_TLS_TICKET_NONCE_MAX_SIZE 255U

#define QSC_TLS_PSK_BINDER_MAX_SIZE QSC_TLS_HASH_MAX_SIZE
 
/* Key material and algorithm-size limits */
#define QSC_TLS_MAX_CLASSICAL_PUBLIC_KEY_SIZE 97U

#define QSC_TLS_MAX_CLASSICAL_PRIVATE_KEY_SIZE 96U

#define QSC_TLS_MAX_KEM_PUBLIC_KEY_SIZE QSC_KYBER_PUBLICKEY_SIZE

#define QSC_TLS_MAX_KEM_PRIVATE_KEY_SIZE QSC_KYBER_PRIVATEKEY_SIZE

#define QSC_TLS_MAX_KEM_CIPHERTEXT_SIZE QSC_KYBER_CIPHERTEXT_SIZE

#define QSC_TLS_MAX_KEM_SHARED_SECRET_SIZE QSC_KYBER_SHAREDSECRET_SIZE

#define QSC_TLS_MAX_HYBRID_CLIENT_KEYSHARE_SIZE (QSC_TLS_MAX_CLASSICAL_PUBLIC_KEY_SIZE + QSC_TLS_MAX_KEM_PUBLIC_KEY_SIZE)

#define QSC_TLS_MAX_HYBRID_SERVER_KEYSHARE_SIZE (QSC_TLS_MAX_CLASSICAL_PUBLIC_KEY_SIZE + QSC_TLS_MAX_KEM_CIPHERTEXT_SIZE)

#define QSC_TLS_MAX_PRIVATE_KEY_SIZE (QSC_TLS_MAX_CLASSICAL_PRIVATE_KEY_SIZE + QSC_TLS_MAX_KEM_PRIVATE_KEY_SIZE)

#define QSC_TLS_MAX_SHARED_SECRET_SIZE (48U + QSC_TLS_MAX_KEM_SHARED_SECRET_SIZE)

#define QSC_TLS_CERTIFICATE_VERIFY_MAX_SIGNATURE_SIZE QSC_DILITHIUM_SIGNATURE_SIZE

#define QSC_TLS_MAX_SIGNING_PRIVATE_KEY_SIZE 4896U

#define QSC_TLS_MAX_KEYSHARE_SIZE QSC_TLS_MAX_HYBRID_CLIENT_KEYSHARE_SIZE

#define QSC_TLS_KEY_SHARE_MAX_SIZE QSC_TLS_MAX_KEYSHARE_SIZE
 
/* Extension and hello size limits */
#define QSC_TLS_MAX_EXTENSION_SIZE (64U + QSC_TLS_MAX_HYBRID_CLIENT_KEYSHARE_SIZE + (QSC_TLS_MAX_GROUPS * sizeof(uint16_t)) + (QSC_TLS_MAX_SIGNATURE_SCHEMES * sizeof(uint16_t)))

#define QSC_TLS_SUPPORTED_VERSIONS_CLIENT_EXTENSION_SIZE 7U

#define QSC_TLS_SUPPORTED_VERSIONS_SERVER_EXTENSION_SIZE 6U

#define QSC_TLS_SUPPORTED_GROUPS_EXTENSION_MAX_SIZE (6U + (QSC_TLS_MAX_GROUPS * sizeof(uint16_t)))

#define QSC_TLS_SIGNATURE_ALGORITHMS_EXTENSION_MAX_SIZE (6U + (QSC_TLS_MAX_SIGNATURE_SCHEMES * sizeof(uint16_t)))

#define QSC_TLS_KEY_SHARE_CLIENT_EXTENSION_MAX_SIZE (8U + QSC_TLS_MAX_KEYSHARE_SIZE)

#define QSC_TLS_KEY_SHARE_SERVER_EXTENSION_MAX_SIZE (8U + QSC_TLS_MAX_HYBRID_SERVER_KEYSHARE_SIZE)

#define QSC_TLS_CLIENT_HELLO_EXTENSIONS_MAX_SIZE (QSC_TLS_SUPPORTED_VERSIONS_CLIENT_EXTENSION_SIZE + QSC_TLS_SUPPORTED_GROUPS_EXTENSION_MAX_SIZE + QSC_TLS_SIGNATURE_ALGORITHMS_EXTENSION_MAX_SIZE + QSC_TLS_KEY_SHARE_CLIENT_EXTENSION_MAX_SIZE)

#define QSC_TLS_CLIENT_HELLO_BODY_MAX_SIZE (43U + QSC_TLS_CLIENT_HELLO_EXTENSIONS_MAX_SIZE)

#define QSC_TLS_SERVER_HELLO_EXTENSIONS_MAX_SIZE (QSC_TLS_SUPPORTED_VERSIONS_SERVER_EXTENSION_SIZE + QSC_TLS_KEY_SHARE_SERVER_EXTENSION_MAX_SIZE)

#define QSC_TLS_SERVER_HELLO_BODY_MAX_SIZE (72U + QSC_TLS_SERVER_HELLO_EXTENSIONS_MAX_SIZE)
 
/* HKDF label limits */
#define QSC_TLS_HKDF_LABEL_MAX_WIRE_SIZE (2U + 1U + (QSC_TLS_HKDF_LABEL_PREFIX_SIZE + QSC_TLS_LABEL_MAX_SIZE) + 1U + QSC_TLS_CONTEXT_MAX_SIZE)
 
typedef char qsc_tls_limit_assert_keyshare[(QSC_TLS_MAX_KEYSHARE_SIZE >= QSC_TLS_MAX_HYBRID_CLIENT_KEYSHARE_SIZE) ? 1 : -1];
typedef char qsc_tls_limit_assert_extension[(QSC_TLS_MAX_EXTENSION_SIZE >= QSC_TLS_CLIENT_HELLO_EXTENSIONS_MAX_SIZE) ? 1 : -1];
typedef char qsc_tls_limit_assert_client_hello[(QSC_TLS_CLIENT_HELLO_BODY_MAX_SIZE >= (43U + QSC_TLS_KEY_SHARE_CLIENT_EXTENSION_MAX_SIZE)) ? 1 : -1];
typedef char qsc_tls_limit_assert_server_hello[(QSC_TLS_SERVER_HELLO_BODY_MAX_SIZE >= (72U + QSC_TLS_KEY_SHARE_SERVER_EXTENSION_MAX_SIZE)) ? 1 : -1];
typedef char qsc_tls_limit_assert_private[(QSC_TLS_MAX_PRIVATE_KEY_SIZE >= (QSC_TLS_MAX_CLASSICAL_PRIVATE_KEY_SIZE + QSC_TLS_MAX_KEM_PRIVATE_KEY_SIZE)) ? 1 : -1];
typedef char qsc_tls_limit_assert_signature[(QSC_TLS_CERTIFICATE_VERIFY_MAX_SIGNATURE_SIZE >= QSC_DILITHIUM_SIGNATURE_SIZE) ? 1 : -1];
typedef char qsc_tls_limit_assert_ciphersuites[(QSC_TLS_MAX_CIPHER_SUITES >= 3U) ? 1 : -1];
 
QSC_CPLUSPLUS_ENABLED_END
 
#endif