Mbed TLS v2.28.8
crypto_sizes.h
Go to the documentation of this file.
1 
23 /*
24  * Copyright The Mbed TLS Contributors
25  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
26  */
27 
28 #ifndef PSA_CRYPTO_SIZES_H
29 #define PSA_CRYPTO_SIZES_H
30 
31 /* Include the Mbed TLS configuration file, the way Mbed TLS does it
32  * in each of its header files. */
33 #if !defined(MBEDTLS_CONFIG_FILE)
34 #include "mbedtls/config.h"
35 #else
36 #include MBEDTLS_CONFIG_FILE
37 #endif
38 
39 #define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
40 #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
41 
42 #define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
43  (((length) + (block_size) - 1) / (block_size) * (block_size))
44 
57 #define PSA_HASH_LENGTH(alg) \
58  ( \
59  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
60  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
61  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
62  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
63  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
64  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
65  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
66  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
67  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
68  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
69  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
70  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
71  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
72  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
73  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
74  0)
75 
91 #define PSA_HASH_BLOCK_LENGTH(alg) \
92  ( \
93  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
94  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 64 : \
95  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
96  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
97  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
98  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
99  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
100  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
101  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
102  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
103  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
104  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
105  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
106  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
107  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
108  0)
109 
117 /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
118  * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
119  * HMAC-SHA3-512. */
120 #if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
121 #define PSA_HASH_MAX_SIZE 64
122 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
123 #else
124 #define PSA_HASH_MAX_SIZE 32
125 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
126 #endif
127 
135 /* All non-HMAC MACs have a maximum size that's smaller than the
136  * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
137 /* Note that the encoding of truncated MAC algorithms limits this value
138  * to 64 bytes.
139  */
140 #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
141 
163 #define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
164  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
165  PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
166  ((void) (key_bits), 0))
167 
172 #define PSA_AEAD_TAG_MAX_SIZE 16
173 
174 /* The maximum size of an RSA key on this implementation, in bits.
175  * This is a vendor-specific macro.
176  *
177  * Mbed TLS does not set a hard limit on the size of RSA keys: any key
178  * whose parameters fit in a bignum is accepted. However large keys can
179  * induce a large memory usage and long computation times. Unlike other
180  * auxiliary macros in this file and in crypto.h, which reflect how the
181  * library is configured, this macro defines how the library is
182  * configured. This implementation refuses to import or generate an
183  * RSA key whose size is larger than the value defined here.
184  *
185  * Note that an implementation may set different size limits for different
186  * operations, and does not need to accept all key sizes up to the limit. */
187 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
188 
189 /* The maximum size of an ECC key on this implementation, in bits.
190  * This is a vendor-specific macro. */
191 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
192 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
193 #elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
194 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
195 #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
196 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
197 #elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
198 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
199 #elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
200 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
201 #elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
202 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
203 #elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
204 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
205 #elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
206 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
207 #elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
208 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
209 #elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
210 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
211 #elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
212 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
213 #elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
214 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
215 #elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
216 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
217 #else
218 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
219 #endif
220 
236 #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
237 
239 #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
240 
262 #define PSA_MAC_LENGTH(key_type, key_bits, alg) \
263  ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
264  PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
265  PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
266  ((void) (key_type), (void) (key_bits), 0))
267 
294 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
295  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
296  (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
297  0)
298 
317 #define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
318  ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
319 
320 
347 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
348  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
349  (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
350  (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
351  0)
352 
371 #define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
372  (ciphertext_length)
373 
399 #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
400  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
401  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
402  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
403  0 : \
404  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
405  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
406  0)
407 
419 #define PSA_AEAD_NONCE_MAX_SIZE 13
420 
447 /* For all the AEAD modes defined in this specification, it is possible
448  * to emit output without delay. However, hardware may not always be
449  * capable of this. So for modes based on a block cipher, allow the
450  * implementation to delay the output until it has a full block. */
451 #define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
452  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
453  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
454  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
455  (input_length) : \
456  0)
457 
468 #define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
469  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
470 
492 #define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
493  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
494  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
495  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
496  0)
497 
503 #define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
504 
526 #define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
527  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
528  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
529  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
530  0)
531 
537 #define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
538 
539 #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
540  (PSA_ALG_IS_RSA_OAEP(alg) ? \
541  2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
542  11 /*PKCS#1v1.5*/)
543 
552 #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
553  (PSA_BITS_TO_BYTES(curve_bits) * 2)
554 
580 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
581  (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
582  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
583  ((void) alg, 0))
584 
585 #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
586  PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
587 
595 #define PSA_SIGNATURE_MAX_SIZE \
596  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
597  PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
598  PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
599 
625 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
626  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
627  ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
628  0)
629 
635 /* This macro assumes that RSA is the only supported asymmetric encryption. */
636 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
637  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
638 
664 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
665  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
666  PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
667  0)
668 
676 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
677  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
678 
679 /* Maximum size of the ASN.1 encoding of an INTEGER with the specified
680  * number of bits.
681  *
682  * This definition assumes that bits <= 2^19 - 9 so that the length field
683  * is at most 3 bytes. The length of the encoding is the length of the
684  * bit string padded to a whole number of bytes plus:
685  * - 1 type byte;
686  * - 1 to 3 length bytes;
687  * - 0 to 1 bytes of leading 0 due to the sign bit.
688  */
689 #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
690  ((bits) / 8 + 5)
691 
692 /* Maximum size of the export encoding of an RSA public key.
693  * Assumes that the public exponent is less than 2^32.
694  *
695  * RSAPublicKey ::= SEQUENCE {
696  * modulus INTEGER, -- n
697  * publicExponent INTEGER } -- e
698  *
699  * - 4 bytes of SEQUENCE overhead;
700  * - n : INTEGER;
701  * - 7 bytes for the public exponent.
702  */
703 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
704  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
705 
706 /* Maximum size of the export encoding of an RSA key pair.
707  * Assumes that the public exponent is less than 2^32 and that the size
708  * difference between the two primes is at most 1 bit.
709  *
710  * RSAPrivateKey ::= SEQUENCE {
711  * version Version, -- 0
712  * modulus INTEGER, -- N-bit
713  * publicExponent INTEGER, -- 32-bit
714  * privateExponent INTEGER, -- N-bit
715  * prime1 INTEGER, -- N/2-bit
716  * prime2 INTEGER, -- N/2-bit
717  * exponent1 INTEGER, -- N/2-bit
718  * exponent2 INTEGER, -- N/2-bit
719  * coefficient INTEGER, -- N/2-bit
720  * }
721  *
722  * - 4 bytes of SEQUENCE overhead;
723  * - 3 bytes of version;
724  * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
725  * overapproximated as 9 half-size INTEGERS;
726  * - 7 bytes for the public exponent.
727  */
728 #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
729  (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
730 
731 /* Maximum size of the export encoding of a DSA public key.
732  *
733  * SubjectPublicKeyInfo ::= SEQUENCE {
734  * algorithm AlgorithmIdentifier,
735  * subjectPublicKey BIT STRING } -- contains DSAPublicKey
736  * AlgorithmIdentifier ::= SEQUENCE {
737  * algorithm OBJECT IDENTIFIER,
738  * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
739  * DSAPublicKey ::= INTEGER -- public key, Y
740  *
741  * - 3 * 4 bytes of SEQUENCE overhead;
742  * - 1 + 1 + 7 bytes of algorithm (DSA OID);
743  * - 4 bytes of BIT STRING overhead;
744  * - 3 full-size INTEGERs (p, g, y);
745  * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
746  */
747 #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
748  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
749 
750 /* Maximum size of the export encoding of a DSA key pair.
751  *
752  * DSAPrivateKey ::= SEQUENCE {
753  * version Version, -- 0
754  * prime INTEGER, -- p
755  * subprime INTEGER, -- q
756  * generator INTEGER, -- g
757  * public INTEGER, -- y
758  * private INTEGER, -- x
759  * }
760  *
761  * - 4 bytes of SEQUENCE overhead;
762  * - 3 bytes of version;
763  * - 3 full-size INTEGERs (p, g, y);
764  * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
765  */
766 #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
767  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
768 
769 /* Maximum size of the export encoding of an ECC public key.
770  *
771  * The representation of an ECC public key is:
772  * - The byte 0x04;
773  * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
774  * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
775  * - where m is the bit size associated with the curve.
776  *
777  * - 1 byte + 2 * point size.
778  */
779 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
780  (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
781 
782 /* Maximum size of the export encoding of an ECC key pair.
783  *
784  * An ECC key pair is represented by the secret value.
785  */
786 #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
787  (PSA_BITS_TO_BYTES(key_bits))
788 
828 #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
829  (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
830  (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
831  (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
832  (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
833  (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
834  PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
835  PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
836  0)
837 
883 #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
884  (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
885  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
886  0)
887 
896 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
897  (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
898  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
899  PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
900  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
901 
911 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
912  (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
913  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
914  PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
915  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
916 
940 /* FFDH is not yet supported in PSA. */
941 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
942  (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
943  PSA_BITS_TO_BYTES(key_bits) : \
944  0)
945 
953 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
954  (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
955 
980 #define PSA_CIPHER_IV_LENGTH(key_type, alg) \
981  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
982  ((alg) == PSA_ALG_CTR || \
983  (alg) == PSA_ALG_CFB || \
984  (alg) == PSA_ALG_OFB || \
985  (alg) == PSA_ALG_XTS || \
986  (alg) == PSA_ALG_CBC_NO_PADDING || \
987  (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
988  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
989  (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
990  0)
991 
996 #define PSA_CIPHER_IV_MAX_SIZE 16
997 
1021 #define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1022  (alg == PSA_ALG_CBC_PKCS7 ? \
1023  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1024  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1025  (input_length) + 1) + \
1026  PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
1027  (PSA_ALG_IS_CIPHER(alg) ? \
1028  (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
1029  0))
1030 
1042 #define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
1043  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
1044  (input_length) + 1) + \
1045  PSA_CIPHER_IV_MAX_SIZE)
1046 
1066 #define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1067  (PSA_ALG_IS_CIPHER(alg) && \
1068  ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1069  (input_length) : \
1070  0)
1071 
1082 #define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1083  (input_length)
1084 
1103 #define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1104  (PSA_ALG_IS_CIPHER(alg) ? \
1105  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1106  (((alg) == PSA_ALG_CBC_PKCS7 || \
1107  (alg) == PSA_ALG_CBC_NO_PADDING || \
1108  (alg) == PSA_ALG_ECB_NO_PADDING) ? \
1109  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1110  input_length) : \
1111  (input_length)) : 0) : \
1112  0)
1113 
1124 #define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1125  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1126 
1144 #define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1145  (PSA_ALG_IS_CIPHER(alg) ? \
1146  (alg == PSA_ALG_CBC_PKCS7 ? \
1147  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1148  0) : \
1149  0)
1150 
1156 #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1157  (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1158 
1159 #endif /* PSA_CRYPTO_SIZES_H */
config.h
Configuration options (set of defines)