Mbed TLS v3.6.3
Loading...
Searching...
No Matches
crypto_sizes.h
Go to the documentation of this file.
1
23/*
24 * Copyright The Mbed TLS Contributors
25 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
26 */
27
28#ifndef PSA_CRYPTO_SIZES_H
29#define PSA_CRYPTO_SIZES_H
30
31/*
32 * Include the build-time configuration information header. Here, we do not
33 * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
34 * is basically just an alias to it. This is to ease the maintenance of the
35 * TF-PSA-Crypto repository which has a different build system and
36 * configuration.
37 */
38#include "psa/build_info.h"
39
40#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
41#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
42#define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
43 (c) : (b) : (a) <= (c) ? (c) : (a))
44
45#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
46 (((length) + (block_size) - 1) / (block_size) * (block_size))
47
60#define PSA_HASH_LENGTH(alg) \
61 ( \
62 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \
63 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \
64 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \
65 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \
66 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \
67 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \
68 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \
69 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \
70 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \
71 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \
72 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \
73 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \
74 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \
75 0u)
76
92#define PSA_HASH_BLOCK_LENGTH(alg) \
93 ( \
94 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \
95 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \
96 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \
97 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \
98 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \
99 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \
100 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \
101 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \
102 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \
103 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \
104 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \
105 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \
106 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \
107 0u)
108
116/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224,
117 * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
118 * HMAC-SHA3-512. */
119/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
120 * see the note on MBEDTLS_MD_MAX_SIZE for details. */
121#if defined(PSA_WANT_ALG_SHA3_224)
122#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
123#elif defined(PSA_WANT_ALG_SHA3_256)
124#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
125#elif defined(PSA_WANT_ALG_SHA_512)
126#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
127#elif defined(PSA_WANT_ALG_SHA_384)
128#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
129#elif defined(PSA_WANT_ALG_SHA3_384)
130#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
131#elif defined(PSA_WANT_ALG_SHA3_512)
132#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
133#elif defined(PSA_WANT_ALG_SHA_256)
134#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
135#elif defined(PSA_WANT_ALG_SHA_224)
136#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
137#else /* SHA-1 or smaller */
138#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
139#endif
140
141#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
142#define PSA_HASH_MAX_SIZE 64u
143#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
144#define PSA_HASH_MAX_SIZE 48u
145#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
146#define PSA_HASH_MAX_SIZE 32u
147#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
148#define PSA_HASH_MAX_SIZE 28u
149#else /* SHA-1 or smaller */
150#define PSA_HASH_MAX_SIZE 20u
151#endif
152
160/* All non-HMAC MACs have a maximum size that's smaller than the
161 * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
162/* Note that the encoding of truncated MAC algorithms limits this value
163 * to 64 bytes.
164 */
165#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
166
188#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
189 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
190 PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
191 ((void) (key_bits), 0u))
192
197#define PSA_AEAD_TAG_MAX_SIZE 16u
198
199/* The maximum size of an RSA key on this implementation, in bits.
200 * This is a vendor-specific macro.
201 *
202 * Mbed TLS does not set a hard limit on the size of RSA keys: any key
203 * whose parameters fit in a bignum is accepted. However large keys can
204 * induce a large memory usage and long computation times. Unlike other
205 * auxiliary macros in this file and in crypto.h, which reflect how the
206 * library is configured, this macro defines how the library is
207 * configured. This implementation refuses to import or generate an
208 * RSA key whose size is larger than the value defined here.
209 *
210 * Note that an implementation may set different size limits for different
211 * operations, and does not need to accept all key sizes up to the limit. */
212#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u
213
214/* The minimum size of an RSA key on this implementation, in bits.
215 * This is a vendor-specific macro.
216 *
217 * Limits RSA key generation to a minimum due to avoid accidental misuse.
218 * This value cannot be less than 128 bits.
219 */
220#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
221#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
222#else
223#define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
224#endif
225
226/* The maximum size of an DH key on this implementation, in bits.
227 * This is a vendor-specific macro.*/
228#if defined(PSA_WANT_DH_RFC7919_8192)
229#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
230#elif defined(PSA_WANT_DH_RFC7919_6144)
231#define PSA_VENDOR_FFDH_MAX_KEY_BITS 6144u
232#elif defined(PSA_WANT_DH_RFC7919_4096)
233#define PSA_VENDOR_FFDH_MAX_KEY_BITS 4096u
234#elif defined(PSA_WANT_DH_RFC7919_3072)
235#define PSA_VENDOR_FFDH_MAX_KEY_BITS 3072u
236#elif defined(PSA_WANT_DH_RFC7919_2048)
237#define PSA_VENDOR_FFDH_MAX_KEY_BITS 2048u
238#else
239#define PSA_VENDOR_FFDH_MAX_KEY_BITS 0u
240#endif
241
242/* The maximum size of an ECC key on this implementation, in bits.
243 * This is a vendor-specific macro. */
244#if defined(PSA_WANT_ECC_SECP_R1_521)
245#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
246#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
247#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u
248#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
249#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
250#elif defined(PSA_WANT_ECC_SECP_R1_384)
251#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
252#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
253#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
254#elif defined(PSA_WANT_ECC_SECP_R1_256)
255#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
256#elif defined(PSA_WANT_ECC_SECP_K1_256)
257#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
258#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
259#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
260#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
261#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
262#elif defined(PSA_WANT_ECC_SECP_R1_224)
263#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
264#elif defined(PSA_WANT_ECC_SECP_K1_224)
265#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
266#elif defined(PSA_WANT_ECC_SECP_R1_192)
267#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
268#elif defined(PSA_WANT_ECC_SECP_K1_192)
269#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
270#else
271#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
272#endif
273
289#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u
290
291/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
292 * which is expected to work with P-256 curve only. */
293#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u
294
295/* The size of a serialized K.X coordinate to be used in
296 * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
297 * curve. */
298#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u
299
300/* The maximum number of iterations for PBKDF2 on this implementation, in bits.
301 * This is a vendor-specific macro. This can be configured if necessary */
302#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU
303
305#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u
306
328#define PSA_MAC_LENGTH(key_type, key_bits, alg) \
329 ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
330 PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
331 PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
332 ((void) (key_type), (void) (key_bits), 0u))
333
360#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
361 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
362 (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
363 0u)
364
383#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
384 ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
385
386
413#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
414 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
415 (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
416 (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
417 0u)
418
437#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
438 (ciphertext_length)
439
465#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
466 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
467 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \
468 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \
469 0u : \
470 (key_type) == PSA_KEY_TYPE_CHACHA20 && \
471 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \
472 0u)
473
485#define PSA_AEAD_NONCE_MAX_SIZE 13u
486
513/* For all the AEAD modes defined in this specification, it is possible
514 * to emit output without delay. However, hardware may not always be
515 * capable of this. So for modes based on a block cipher, allow the
516 * implementation to delay the output until it has a full block. */
517#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
518 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
519 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
520 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
521 (input_length) : \
522 0u)
523
534#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
535 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
536
558#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
559 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
560 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
561 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
562 0u)
563
569#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
570
592#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
593 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
594 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
595 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
596 0u)
597
603#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
604
605#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
606 (PSA_ALG_IS_RSA_OAEP(alg) ? \
607 2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \
608 11u /*PKCS#1v1.5*/)
609
618#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
619 (PSA_BITS_TO_BYTES(curve_bits) * 2u)
620
646#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
647 (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
648 PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
649 ((void) alg, 0u))
650
651#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
652 PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
653
661#define PSA_SIGNATURE_MAX_SIZE 1
662
663#if (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \
664 (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE > PSA_SIGNATURE_MAX_SIZE)
665#undef PSA_SIGNATURE_MAX_SIZE
666#define PSA_SIGNATURE_MAX_SIZE PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE
667#endif
668#if (defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || defined(PSA_WANT_ALG_RSA_PSS)) && \
669 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE)
670#undef PSA_SIGNATURE_MAX_SIZE
671#define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS)
672#endif
673
699#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
700 (PSA_KEY_TYPE_IS_RSA(key_type) ? \
701 ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
702 0u)
703
709/* This macro assumes that RSA is the only supported asymmetric encryption. */
710#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
711 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
712
738#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
739 (PSA_KEY_TYPE_IS_RSA(key_type) ? \
740 PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
741 0u)
742
750#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
751 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
752
753/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
754 * number of bits.
755 *
756 * This definition assumes that bits <= 2^19 - 9 so that the length field
757 * is at most 3 bytes. The length of the encoding is the length of the
758 * bit string padded to a whole number of bytes plus:
759 * - 1 type byte;
760 * - 1 to 3 length bytes;
761 * - 0 to 1 bytes of leading 0 due to the sign bit.
762 */
763#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
764 ((bits) / 8u + 5u)
765
766/* Maximum size of the export encoding of an RSA public key.
767 * Assumes that the public exponent is less than 2^32.
768 *
769 * RSAPublicKey ::= SEQUENCE {
770 * modulus INTEGER, -- n
771 * publicExponent INTEGER } -- e
772 *
773 * - 4 bytes of SEQUENCE overhead;
774 * - n : INTEGER;
775 * - 7 bytes for the public exponent.
776 */
777#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
778 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u)
779
780/* Maximum size of the export encoding of an RSA key pair.
781 * Assumes that the public exponent is less than 2^32 and that the size
782 * difference between the two primes is at most 1 bit.
783 *
784 * RSAPrivateKey ::= SEQUENCE {
785 * version Version, -- 0
786 * modulus INTEGER, -- N-bit
787 * publicExponent INTEGER, -- 32-bit
788 * privateExponent INTEGER, -- N-bit
789 * prime1 INTEGER, -- N/2-bit
790 * prime2 INTEGER, -- N/2-bit
791 * exponent1 INTEGER, -- N/2-bit
792 * exponent2 INTEGER, -- N/2-bit
793 * coefficient INTEGER, -- N/2-bit
794 * }
795 *
796 * - 4 bytes of SEQUENCE overhead;
797 * - 3 bytes of version;
798 * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
799 * overapproximated as 9 half-size INTEGERS;
800 * - 7 bytes for the public exponent.
801 */
802#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
803 (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u)
804
805/* Maximum size of the export encoding of a DSA public key.
806 *
807 * SubjectPublicKeyInfo ::= SEQUENCE {
808 * algorithm AlgorithmIdentifier,
809 * subjectPublicKey BIT STRING } -- contains DSAPublicKey
810 * AlgorithmIdentifier ::= SEQUENCE {
811 * algorithm OBJECT IDENTIFIER,
812 * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
813 * DSAPublicKey ::= INTEGER -- public key, Y
814 *
815 * - 3 * 4 bytes of SEQUENCE overhead;
816 * - 1 + 1 + 7 bytes of algorithm (DSA OID);
817 * - 4 bytes of BIT STRING overhead;
818 * - 3 full-size INTEGERs (p, g, y);
819 * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
820 */
821#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
822 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u)
823
824/* Maximum size of the export encoding of a DSA key pair.
825 *
826 * DSAPrivateKey ::= SEQUENCE {
827 * version Version, -- 0
828 * prime INTEGER, -- p
829 * subprime INTEGER, -- q
830 * generator INTEGER, -- g
831 * public INTEGER, -- y
832 * private INTEGER, -- x
833 * }
834 *
835 * - 4 bytes of SEQUENCE overhead;
836 * - 3 bytes of version;
837 * - 3 full-size INTEGERs (p, g, y);
838 * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
839 */
840#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
841 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u)
842
843/* Maximum size of the export encoding of an ECC public key.
844 *
845 * The representation of an ECC public key is:
846 * - The byte 0x04;
847 * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
848 * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
849 * - where m is the bit size associated with the curve.
850 *
851 * - 1 byte + 2 * point size.
852 */
853#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
854 (2u * PSA_BITS_TO_BYTES(key_bits) + 1u)
855
856/* Maximum size of the export encoding of an ECC key pair.
857 *
858 * An ECC key pair is represented by the secret value.
859 */
860#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
861 (PSA_BITS_TO_BYTES(key_bits))
862
863/* Maximum size of the export encoding of an DH key pair.
864 *
865 * An DH key pair is represented by the secret value.
866 */
867#define PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(key_bits) \
868 (PSA_BITS_TO_BYTES(key_bits))
869
870/* Maximum size of the export encoding of an DH public key.
871 */
872#define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \
873 (PSA_BITS_TO_BYTES(key_bits))
874
914#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
915 (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
916 PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
917 (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
918 (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
919 (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
920 (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
921 PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
922 PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
923 0u)
924
970#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
971 (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
972 PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
973 PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
974 0u)
975
984#define PSA_EXPORT_KEY_PAIR_MAX_SIZE 1
985
986#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
987 (PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
988 PSA_EXPORT_KEY_PAIR_MAX_SIZE)
989#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
990#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
991 PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
992#endif
993#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \
994 (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
995 PSA_EXPORT_KEY_PAIR_MAX_SIZE)
996#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
997#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
998 PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
999#endif
1000#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \
1001 (PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
1002 PSA_EXPORT_KEY_PAIR_MAX_SIZE)
1003#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
1004#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
1005 PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
1006#endif
1007
1017#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE 1
1018
1019#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
1020 (PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
1021 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1022#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1023#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1024 PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
1025#endif
1026#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) && \
1027 (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
1028 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1029#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1030#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1031 PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
1032#endif
1033#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \
1034 (PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
1035 PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1036#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1037#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1038 PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
1039#endif
1040
1041#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
1042 ((PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
1043 PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1044
1068#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
1069 ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
1070 PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u)
1071
1079#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 1
1080
1081#if defined(PSA_WANT_ALG_ECDH) && \
1082 (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
1083#undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
1084#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)
1085#endif
1086#if defined(PSA_WANT_ALG_FFDH) && \
1087 (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
1088#undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
1089#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
1090#endif
1091
1104#if (defined(PSA_WANT_KEY_TYPE_AES) || defined(PSA_WANT_KEY_TYPE_ARIA) || \
1105 defined(PSA_WANT_KEY_TYPE_CAMELLIA) || defined(PSA_WANT_KEY_TYPE_CHACHA20))
1106#define PSA_CIPHER_MAX_KEY_LENGTH 32u
1107#elif defined(PSA_WANT_KEY_TYPE_DES)
1108#define PSA_CIPHER_MAX_KEY_LENGTH 24u
1109#else
1110#define PSA_CIPHER_MAX_KEY_LENGTH 0u
1111#endif
1112
1137#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
1138 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
1139 ((alg) == PSA_ALG_CTR || \
1140 (alg) == PSA_ALG_CFB || \
1141 (alg) == PSA_ALG_OFB || \
1142 (alg) == PSA_ALG_XTS || \
1143 (alg) == PSA_ALG_CBC_NO_PADDING || \
1144 (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1145 (key_type) == PSA_KEY_TYPE_CHACHA20 && \
1146 (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \
1147 (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \
1148 0u)
1149
1154#define PSA_CIPHER_IV_MAX_SIZE 16u
1155
1179#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1180 (alg == PSA_ALG_CBC_PKCS7 ? \
1181 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1182 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1183 (input_length) + 1u) + \
1184 PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \
1185 (PSA_ALG_IS_CIPHER(alg) ? \
1186 (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
1187 0u))
1188
1200#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
1201 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
1202 (input_length) + 1u) + \
1203 PSA_CIPHER_IV_MAX_SIZE)
1204
1224#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1225 (PSA_ALG_IS_CIPHER(alg) && \
1226 ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1227 (input_length) : \
1228 0u)
1229
1240#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1241 (input_length)
1242
1261#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1262 (PSA_ALG_IS_CIPHER(alg) ? \
1263 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1264 (((alg) == PSA_ALG_CBC_PKCS7 || \
1265 (alg) == PSA_ALG_CBC_NO_PADDING || \
1266 (alg) == PSA_ALG_ECB_NO_PADDING) ? \
1267 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1268 input_length) : \
1269 (input_length)) : 0u) : \
1270 0u)
1271
1282#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1283 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1284
1302#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1303 (PSA_ALG_IS_CIPHER(alg) ? \
1304 (alg == PSA_ALG_CBC_PKCS7 ? \
1305 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1306 0u) : \
1307 0u)
1308
1314#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1315 (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1316
1317#endif /* PSA_CRYPTO_SIZES_H */
Build-time PSA configuration info.