Mbed TLS v2.28.8
include
psa
crypto_sizes.h
Go to the documentation of this file.
1
23
/*
24
* Copyright The Mbed TLS Contributors
25
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
26
*/
27
28
#ifndef PSA_CRYPTO_SIZES_H
29
#define PSA_CRYPTO_SIZES_H
30
31
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
32
* in each of its header files. */
33
#if !defined(MBEDTLS_CONFIG_FILE)
34
#include "
mbedtls/config.h
"
35
#else
36
#include MBEDTLS_CONFIG_FILE
37
#endif
38
39
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
40
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
41
42
#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
43
(((length) + (block_size) - 1) / (block_size) * (block_size))
44
57
#define PSA_HASH_LENGTH(alg) \
58
( \
59
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
60
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
61
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
62
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
63
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
64
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
65
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
66
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
67
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
68
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
69
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
70
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
71
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
72
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
73
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
74
0)
75
91
#define PSA_HASH_BLOCK_LENGTH(alg) \
92
( \
93
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
94
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 64 : \
95
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
96
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
97
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
98
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
99
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
100
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
101
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
102
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
103
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
104
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
105
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
106
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
107
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
108
0)
109
117
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
118
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
119
* HMAC-SHA3-512. */
120
#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
121
#define PSA_HASH_MAX_SIZE 64
122
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
123
#else
124
#define PSA_HASH_MAX_SIZE 32
125
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
126
#endif
127
135
/* All non-HMAC MACs have a maximum size that's smaller than the
136
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
137
/* Note that the encoding of truncated MAC algorithms limits this value
138
* to 64 bytes.
139
*/
140
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
141
163
#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
164
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
165
PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
166
((void) (key_bits), 0))
167
172
#define PSA_AEAD_TAG_MAX_SIZE 16
173
174
/* The maximum size of an RSA key on this implementation, in bits.
175
* This is a vendor-specific macro.
176
*
177
* Mbed TLS does not set a hard limit on the size of RSA keys: any key
178
* whose parameters fit in a bignum is accepted. However large keys can
179
* induce a large memory usage and long computation times. Unlike other
180
* auxiliary macros in this file and in crypto.h, which reflect how the
181
* library is configured, this macro defines how the library is
182
* configured. This implementation refuses to import or generate an
183
* RSA key whose size is larger than the value defined here.
184
*
185
* Note that an implementation may set different size limits for different
186
* operations, and does not need to accept all key sizes up to the limit. */
187
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
188
189
/* The maximum size of an ECC key on this implementation, in bits.
190
* This is a vendor-specific macro. */
191
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
192
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
193
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
194
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
195
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
196
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
197
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
198
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
199
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
200
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
201
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
202
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
203
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
204
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
205
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
206
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
207
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
208
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
209
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
210
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
211
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
212
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
213
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
214
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
215
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
216
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
217
#else
218
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
219
#endif
220
236
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
237
239
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
240
262
#define PSA_MAC_LENGTH(key_type, key_bits, alg) \
263
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
264
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
265
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
266
((void) (key_type), (void) (key_bits), 0))
267
294
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
295
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
296
(plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
297
0)
298
317
#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
318
((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
319
320
347
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
348
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
349
(ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
350
(ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
351
0)
352
371
#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
372
(ciphertext_length)
373
399
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
400
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
401
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
402
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
403
0 : \
404
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
405
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
406
0)
407
419
#define PSA_AEAD_NONCE_MAX_SIZE 13
420
447
/* For all the AEAD modes defined in this specification, it is possible
448
* to emit output without delay. However, hardware may not always be
449
* capable of this. So for modes based on a block cipher, allow the
450
* implementation to delay the output until it has a full block. */
451
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
452
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
453
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
454
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
455
(input_length) : \
456
0)
457
468
#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
469
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
470
492
#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
493
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
494
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
495
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
496
0)
497
503
#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
504
526
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
527
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
528
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
529
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
530
0)
531
537
#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
538
539
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
540
(PSA_ALG_IS_RSA_OAEP(alg) ? \
541
2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
542
11
/*PKCS#1v1.5*/
)
543
552
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
553
(PSA_BITS_TO_BYTES(curve_bits) * 2)
554
580
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
581
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
582
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
583
((void) alg, 0))
584
585
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
586
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
587
595
#define PSA_SIGNATURE_MAX_SIZE \
596
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
597
PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
598
PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
599
625
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
626
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
627
((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
628
0)
629
635
/* This macro assumes that RSA is the only supported asymmetric encryption. */
636
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
637
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
638
664
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
665
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
666
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
667
0)
668
676
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
677
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
678
679
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
680
* number of bits.
681
*
682
* This definition assumes that bits <= 2^19 - 9 so that the length field
683
* is at most 3 bytes. The length of the encoding is the length of the
684
* bit string padded to a whole number of bytes plus:
685
* - 1 type byte;
686
* - 1 to 3 length bytes;
687
* - 0 to 1 bytes of leading 0 due to the sign bit.
688
*/
689
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
690
((bits) / 8 + 5)
691
692
/* Maximum size of the export encoding of an RSA public key.
693
* Assumes that the public exponent is less than 2^32.
694
*
695
* RSAPublicKey ::= SEQUENCE {
696
* modulus INTEGER, -- n
697
* publicExponent INTEGER } -- e
698
*
699
* - 4 bytes of SEQUENCE overhead;
700
* - n : INTEGER;
701
* - 7 bytes for the public exponent.
702
*/
703
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
704
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
705
706
/* Maximum size of the export encoding of an RSA key pair.
707
* Assumes that the public exponent is less than 2^32 and that the size
708
* difference between the two primes is at most 1 bit.
709
*
710
* RSAPrivateKey ::= SEQUENCE {
711
* version Version, -- 0
712
* modulus INTEGER, -- N-bit
713
* publicExponent INTEGER, -- 32-bit
714
* privateExponent INTEGER, -- N-bit
715
* prime1 INTEGER, -- N/2-bit
716
* prime2 INTEGER, -- N/2-bit
717
* exponent1 INTEGER, -- N/2-bit
718
* exponent2 INTEGER, -- N/2-bit
719
* coefficient INTEGER, -- N/2-bit
720
* }
721
*
722
* - 4 bytes of SEQUENCE overhead;
723
* - 3 bytes of version;
724
* - 7 half-size INTEGERs plus 2 full-size INTEGERs,
725
* overapproximated as 9 half-size INTEGERS;
726
* - 7 bytes for the public exponent.
727
*/
728
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
729
(9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
730
731
/* Maximum size of the export encoding of a DSA public key.
732
*
733
* SubjectPublicKeyInfo ::= SEQUENCE {
734
* algorithm AlgorithmIdentifier,
735
* subjectPublicKey BIT STRING } -- contains DSAPublicKey
736
* AlgorithmIdentifier ::= SEQUENCE {
737
* algorithm OBJECT IDENTIFIER,
738
* parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
739
* DSAPublicKey ::= INTEGER -- public key, Y
740
*
741
* - 3 * 4 bytes of SEQUENCE overhead;
742
* - 1 + 1 + 7 bytes of algorithm (DSA OID);
743
* - 4 bytes of BIT STRING overhead;
744
* - 3 full-size INTEGERs (p, g, y);
745
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
746
*/
747
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
748
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
749
750
/* Maximum size of the export encoding of a DSA key pair.
751
*
752
* DSAPrivateKey ::= SEQUENCE {
753
* version Version, -- 0
754
* prime INTEGER, -- p
755
* subprime INTEGER, -- q
756
* generator INTEGER, -- g
757
* public INTEGER, -- y
758
* private INTEGER, -- x
759
* }
760
*
761
* - 4 bytes of SEQUENCE overhead;
762
* - 3 bytes of version;
763
* - 3 full-size INTEGERs (p, g, y);
764
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
765
*/
766
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
767
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
768
769
/* Maximum size of the export encoding of an ECC public key.
770
*
771
* The representation of an ECC public key is:
772
* - The byte 0x04;
773
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
774
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
775
* - where m is the bit size associated with the curve.
776
*
777
* - 1 byte + 2 * point size.
778
*/
779
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
780
(2 * PSA_BITS_TO_BYTES(key_bits) + 1)
781
782
/* Maximum size of the export encoding of an ECC key pair.
783
*
784
* An ECC key pair is represented by the secret value.
785
*/
786
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
787
(PSA_BITS_TO_BYTES(key_bits))
788
828
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
829
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
830
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
831
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
832
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
833
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
834
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
835
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
836
0)
837
883
#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
884
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
885
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
886
0)
887
896
#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
897
(PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
898
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
899
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
900
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
901
911
#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
912
(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
913
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
914
PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
915
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
916
940
/* FFDH is not yet supported in PSA. */
941
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
942
(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
943
PSA_BITS_TO_BYTES(key_bits) : \
944
0)
945
953
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
954
(PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
955
980
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
981
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
982
((alg) == PSA_ALG_CTR || \
983
(alg) == PSA_ALG_CFB || \
984
(alg) == PSA_ALG_OFB || \
985
(alg) == PSA_ALG_XTS || \
986
(alg) == PSA_ALG_CBC_NO_PADDING || \
987
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
988
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
989
(alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
990
0)
991
996
#define PSA_CIPHER_IV_MAX_SIZE 16
997
1021
#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1022
(alg == PSA_ALG_CBC_PKCS7 ? \
1023
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1024
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1025
(input_length) + 1) + \
1026
PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
1027
(PSA_ALG_IS_CIPHER(alg) ? \
1028
(input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
1029
0))
1030
1042
#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
1043
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
1044
(input_length) + 1) + \
1045
PSA_CIPHER_IV_MAX_SIZE)
1046
1066
#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1067
(PSA_ALG_IS_CIPHER(alg) && \
1068
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1069
(input_length) : \
1070
0)
1071
1082
#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1083
(input_length)
1084
1103
#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1104
(PSA_ALG_IS_CIPHER(alg) ? \
1105
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1106
(((alg) == PSA_ALG_CBC_PKCS7 || \
1107
(alg) == PSA_ALG_CBC_NO_PADDING || \
1108
(alg) == PSA_ALG_ECB_NO_PADDING) ? \
1109
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1110
input_length) : \
1111
(input_length)) : 0) : \
1112
0)
1113
1124
#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1125
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1126
1144
#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1145
(PSA_ALG_IS_CIPHER(alg) ? \
1146
(alg == PSA_ALG_CBC_PKCS7 ? \
1147
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1148
0) : \
1149
0)
1150
1156
#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1157
(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1158
1159
#endif
/* PSA_CRYPTO_SIZES_H */
config.h
Configuration options (set of defines)
Generated on Wed Apr 24 2024 20:07:29 for Mbed TLS v2.28.8 by
1.8.17