Mbed TLS v2.28.9
Loading...
Searching...
No Matches
crypto_sizes.h
Go to the documentation of this file.
1
23/*
24 * Copyright The Mbed TLS Contributors
25 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
26 */
27
28#ifndef PSA_CRYPTO_SIZES_H
29#define PSA_CRYPTO_SIZES_H
30
31/* Include the Mbed TLS configuration file, the way Mbed TLS does it
32 * in each of its header files. */
33#if !defined(MBEDTLS_CONFIG_FILE)
34#include "mbedtls/config.h"
35#else
36#include MBEDTLS_CONFIG_FILE
37#endif
38
39#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
40#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
41
42#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
43 (((length) + (block_size) - 1) / (block_size) * (block_size))
44
57#define PSA_HASH_LENGTH(alg) \
58 ( \
59 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
60 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
61 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
62 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
63 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
64 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
65 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
66 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
67 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
68 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
69 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
70 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
71 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
72 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
73 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
74 0)
75
91#define PSA_HASH_BLOCK_LENGTH(alg) \
92 ( \
93 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
94 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 64 : \
95 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
96 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
97 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
98 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
99 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
100 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
101 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
102 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
103 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
104 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
105 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
106 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
107 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
108 0)
109
117/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
118 * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
119 * HMAC-SHA3-512. */
120#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
121#define PSA_HASH_MAX_SIZE 64
122#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
123#else
124#define PSA_HASH_MAX_SIZE 32
125#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
126#endif
127
135/* All non-HMAC MACs have a maximum size that's smaller than the
136 * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
137/* Note that the encoding of truncated MAC algorithms limits this value
138 * to 64 bytes.
139 */
140#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
141
163#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
164 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
165 PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
166 ((void) (key_bits), 0))
167
172#define PSA_AEAD_TAG_MAX_SIZE 16
173
174/* The maximum size of an RSA key on this implementation, in bits.
175 * This is a vendor-specific macro.
176 *
177 * Mbed TLS does not set a hard limit on the size of RSA keys: any key
178 * whose parameters fit in a bignum is accepted. However large keys can
179 * induce a large memory usage and long computation times. Unlike other
180 * auxiliary macros in this file and in crypto.h, which reflect how the
181 * library is configured, this macro defines how the library is
182 * configured. This implementation refuses to import or generate an
183 * RSA key whose size is larger than the value defined here.
184 *
185 * Note that an implementation may set different size limits for different
186 * operations, and does not need to accept all key sizes up to the limit. */
187#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
188
189/* The maximum size of an ECC key on this implementation, in bits.
190 * This is a vendor-specific macro. */
191#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
192#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
193#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
194#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
195#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
196#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
197#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
198#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
199#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
200#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
201#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
202#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
203#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
204#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
205#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
206#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
207#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
208#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
209#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
210#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
211#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
212#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
213#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
214#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
215#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
216#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
217#else
218#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
219#endif
220
236#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
237
239#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
240
262#define PSA_MAC_LENGTH(key_type, key_bits, alg) \
263 ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
264 PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
265 PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
266 ((void) (key_type), (void) (key_bits), 0))
267
294#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
295 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
296 (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
297 0)
298
317#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
318 ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
319
320
347#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
348 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
349 (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
350 (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
351 0)
352
371#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
372 (ciphertext_length)
373
399#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
400 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
401 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
402 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
403 0 : \
404 (key_type) == PSA_KEY_TYPE_CHACHA20 && \
405 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
406 0)
407
419#define PSA_AEAD_NONCE_MAX_SIZE 13
420
447/* For all the AEAD modes defined in this specification, it is possible
448 * to emit output without delay. However, hardware may not always be
449 * capable of this. So for modes based on a block cipher, allow the
450 * implementation to delay the output until it has a full block. */
451#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
452 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
453 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
454 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
455 (input_length) : \
456 0)
457
468#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
469 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
470
492#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
493 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
494 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
495 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
496 0)
497
503#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
504
526#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
527 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
528 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
529 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
530 0)
531
537#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
538
539#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
540 (PSA_ALG_IS_RSA_OAEP(alg) ? \
541 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
542 11 /*PKCS#1v1.5*/)
543
552#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
553 (PSA_BITS_TO_BYTES(curve_bits) * 2)
554
580#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
581 (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
582 PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
583 ((void) alg, 0))
584
585#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
586 PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
587
595#define PSA_SIGNATURE_MAX_SIZE \
596 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
597 PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
598 PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
599
625#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
626 (PSA_KEY_TYPE_IS_RSA(key_type) ? \
627 ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
628 0)
629
635/* This macro assumes that RSA is the only supported asymmetric encryption. */
636#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
637 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
638
664#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
665 (PSA_KEY_TYPE_IS_RSA(key_type) ? \
666 PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
667 0)
668
676#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
677 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
678
679/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
680 * number of bits.
681 *
682 * This definition assumes that bits <= 2^19 - 9 so that the length field
683 * is at most 3 bytes. The length of the encoding is the length of the
684 * bit string padded to a whole number of bytes plus:
685 * - 1 type byte;
686 * - 1 to 3 length bytes;
687 * - 0 to 1 bytes of leading 0 due to the sign bit.
688 */
689#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
690 ((bits) / 8 + 5)
691
692/* Maximum size of the export encoding of an RSA public key.
693 * Assumes that the public exponent is less than 2^32.
694 *
695 * RSAPublicKey ::= SEQUENCE {
696 * modulus INTEGER, -- n
697 * publicExponent INTEGER } -- e
698 *
699 * - 4 bytes of SEQUENCE overhead;
700 * - n : INTEGER;
701 * - 7 bytes for the public exponent.
702 */
703#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
704 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
705
706/* Maximum size of the export encoding of an RSA key pair.
707 * Assumes that the public exponent is less than 2^32 and that the size
708 * difference between the two primes is at most 1 bit.
709 *
710 * RSAPrivateKey ::= SEQUENCE {
711 * version Version, -- 0
712 * modulus INTEGER, -- N-bit
713 * publicExponent INTEGER, -- 32-bit
714 * privateExponent INTEGER, -- N-bit
715 * prime1 INTEGER, -- N/2-bit
716 * prime2 INTEGER, -- N/2-bit
717 * exponent1 INTEGER, -- N/2-bit
718 * exponent2 INTEGER, -- N/2-bit
719 * coefficient INTEGER, -- N/2-bit
720 * }
721 *
722 * - 4 bytes of SEQUENCE overhead;
723 * - 3 bytes of version;
724 * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
725 * overapproximated as 9 half-size INTEGERS;
726 * - 7 bytes for the public exponent.
727 */
728#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
729 (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
730
731/* Maximum size of the export encoding of a DSA public key.
732 *
733 * SubjectPublicKeyInfo ::= SEQUENCE {
734 * algorithm AlgorithmIdentifier,
735 * subjectPublicKey BIT STRING } -- contains DSAPublicKey
736 * AlgorithmIdentifier ::= SEQUENCE {
737 * algorithm OBJECT IDENTIFIER,
738 * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
739 * DSAPublicKey ::= INTEGER -- public key, Y
740 *
741 * - 3 * 4 bytes of SEQUENCE overhead;
742 * - 1 + 1 + 7 bytes of algorithm (DSA OID);
743 * - 4 bytes of BIT STRING overhead;
744 * - 3 full-size INTEGERs (p, g, y);
745 * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
746 */
747#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
748 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
749
750/* Maximum size of the export encoding of a DSA key pair.
751 *
752 * DSAPrivateKey ::= SEQUENCE {
753 * version Version, -- 0
754 * prime INTEGER, -- p
755 * subprime INTEGER, -- q
756 * generator INTEGER, -- g
757 * public INTEGER, -- y
758 * private INTEGER, -- x
759 * }
760 *
761 * - 4 bytes of SEQUENCE overhead;
762 * - 3 bytes of version;
763 * - 3 full-size INTEGERs (p, g, y);
764 * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
765 */
766#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
767 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
768
769/* Maximum size of the export encoding of an ECC public key.
770 *
771 * The representation of an ECC public key is:
772 * - The byte 0x04;
773 * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
774 * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
775 * - where m is the bit size associated with the curve.
776 *
777 * - 1 byte + 2 * point size.
778 */
779#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
780 (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
781
782/* Maximum size of the export encoding of an ECC key pair.
783 *
784 * An ECC key pair is represented by the secret value.
785 */
786#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
787 (PSA_BITS_TO_BYTES(key_bits))
788
828#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
829 (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
830 (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
831 (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
832 (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
833 (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
834 PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
835 PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
836 0)
837
883#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
884 (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
885 PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
886 0)
887
896#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
897 (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
898 PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
899 PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
900 PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
901
911#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
912 (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
913 PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
914 PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
915 PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
916
940/* FFDH is not yet supported in PSA. */
941#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
942 (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
943 PSA_BITS_TO_BYTES(key_bits) : \
944 0)
945
953#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
954 (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
955
980#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
981 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
982 ((alg) == PSA_ALG_CTR || \
983 (alg) == PSA_ALG_CFB || \
984 (alg) == PSA_ALG_OFB || \
985 (alg) == PSA_ALG_XTS || \
986 (alg) == PSA_ALG_CBC_NO_PADDING || \
987 (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
988 (key_type) == PSA_KEY_TYPE_CHACHA20 && \
989 (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
990 0)
991
996#define PSA_CIPHER_IV_MAX_SIZE 16
997
1021#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1022 (alg == PSA_ALG_CBC_PKCS7 ? \
1023 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1024 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1025 (input_length) + 1) + \
1026 PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
1027 (PSA_ALG_IS_CIPHER(alg) ? \
1028 (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
1029 0))
1030
1042#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
1043 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
1044 (input_length) + 1) + \
1045 PSA_CIPHER_IV_MAX_SIZE)
1046
1066#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1067 (PSA_ALG_IS_CIPHER(alg) && \
1068 ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1069 (input_length) : \
1070 0)
1071
1082#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1083 (input_length)
1084
1103#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1104 (PSA_ALG_IS_CIPHER(alg) ? \
1105 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1106 (((alg) == PSA_ALG_CBC_PKCS7 || \
1107 (alg) == PSA_ALG_CBC_NO_PADDING || \
1108 (alg) == PSA_ALG_ECB_NO_PADDING) ? \
1109 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1110 input_length) : \
1111 (input_length)) : 0) : \
1112 0)
1113
1124#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1125 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1126
1144#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1145 (PSA_ALG_IS_CIPHER(alg) ? \
1146 (alg == PSA_ALG_CBC_PKCS7 ? \
1147 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1148 0) : \
1149 0)
1150
1156#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1157 (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1158
1159#endif /* PSA_CRYPTO_SIZES_H */
Configuration options (set of defines)