Great question—since SRAM is extremely limited on the STM32F103 (only 20KB), every byte counts. Let's break down exactly how to compute the total memory footprint of an mbedtls_rsa_context, and correct the formula you proposed.

First: Why Your Initial Formula Is Off #

Your idea to combine the context size and MPI data sizes is on the right track, but you don't need to add 13 * sizeof(mbedtls_mpi)—the sizeof(mbedtls_rsa_context) already includes all the mbedtls_mpi structs that are part of the RSA context. Those MPI structs are fixed-size (they contain pointers, lengths, and flags), but the actual big-number data they point to is stored separately (either on the heap or in static memory, depending on your config).

Two Components of RSA Context Memory #

The total memory used by an mbedtls_rsa_context has two parts:

1. Static stack memory: The size of the mbedtls_rsa_context struct itself (includes all embedded mbedtls_mpi structs).
2. Dynamic/Static data memory: The actual byte storage for each RSA big number (N, E, D, P, Q, etc.) that the MPI structs point to.

Step-by-Step Calculation #

1. Get the Static Context Size #

First, calculate the fixed size of the mbedtls_rsa_context struct. You can do this with a simple compile-time check or runtime print:

#include <stdio.h>
#include "mbedtls/rsa.h"

int main(void) {
    printf("mbedtls_rsa_context size: %u bytes\n", (unsigned int)sizeof(mbedtls_rsa_context));
    // ... rest of your code
    return 0;
}

This value depends on your Mbed TLS version and configuration (e.g., whether you've enabled CRT acceleration with MBEDTLS_RSA_CRT), but it's typically between 80–150 bytes for most configurations.

2. Calculate MPI Data Memory #

Each RSA key component (modulus N, public exponent E, private exponent D, primes P/Q, etc.) is stored as an mbedtls_mpi object. The actual data size for each MPI is given by mbedtls_mpi_size(&rsa->component), which returns the number of bytes needed to store that big number.

To get the total data size, sum the sizes of all relevant MPI components. The exact list depends on your config:

• Basic RSA (no CRT): N, E, D, P, Q
• RSA with CRT acceleration (enabled by default): Add DP, DQ, QP, Vi, Vf

Here’s a code snippet to calculate this at runtime (after you’ve loaded or generated an RSA key):

mbedtls_rsa_context rsa;
mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);
// Load your RSA key into the context here (e.g., mbedtls_rsa_parse_public_key)

size_t total_mpi_data = 0;
// Add core RSA components
total_mpi_data += mbedtls_mpi_size(&rsa.N);
total_mpi_data += mbedtls_mpi_size(&rsa.E);
total_mpi_data += mbedtls_mpi_size(&rsa.D);
total_mpi_data += mbedtls_mpi_size(&rsa.P);
total_mpi_data += mbedtls_mpi_size(&rsa.Q);

// Add CRT components if enabled
#if defined(MBEDTLS_RSA_CRT)
total_mpi_data += mbedtls_mpi_size(&rsa.DP);
total_mpi_data += mbedtls_mpi_size(&rsa.DQ);
total_mpi_data += mbedtls_mpi_size(&rsa.QP);
total_mpi_data += mbedtls_mpi_size(&rsa.Vi);
total_mpi_data += mbedtls_mpi_size(&rsa.Vf);
#endif

size_t total_rsa_memory = sizeof(mbedtls_rsa_context) + total_mpi_data;
printf("Total RSA memory usage: %u bytes (ctx: %u, MPI data: %u)\n",
       (unsigned int)total_rsa_memory,
       (unsigned int)sizeof(mbedtls_rsa_context),
       (unsigned int)total_mpi_data);

Example for 2048-bit RSA #

For a typical 2048-bit RSA key with CRT enabled:

• N (2048 bits): 256 bytes
• E (usually 65537, 17 bits): 3 bytes
• D (2048 bits): 256 bytes
• P/Q (1024 bits each): 128 bytes × 2 = 256 bytes
• DP/DQ/QP/Vi/Vf (1024 bits each): 128 bytes ×5 = 640 bytes
• Total MPI data: ~256+3+256+256+640 = 1411 bytes
• Plus context size (~128 bytes): ~1539 bytes total

This is well within the STM32F103’s 20KB SRAM, but remember to account for other code, buffers, and stack usage in your project.

Optimizations for STM32F103 #

To save even more memory:

• Use 1024-bit RSA instead of 2048-bit: This cuts MPI data sizes in half.
• Disable CRT acceleration by setting MBEDTLS_RSA_NO_CRT in your mbedtls_config.h: Removes the 5 extra MPI components (DP, DQ, QP, Vi, Vf).
• Enable static MPI memory with MBEDTLS_MPI_USE_STATIC_MEMORY: Prevents heap allocations (critical for small embedded systems) by using pre-allocated static buffers for MPI data. Just make sure MBEDTLS_MPI_MAX_SIZE is set large enough for your key size.

内容的提问来源于stack exchange，提问作者LeMoussel