mbed TLS v3.3.0
Loading...
Searching...
No Matches
crypto_sizes.h
Go to the documentation of this file.
1
23/*
24 * Copyright The Mbed TLS Contributors
25 * SPDX-License-Identifier: Apache-2.0
26 *
27 * Licensed under the Apache License, Version 2.0 (the "License"); you may
28 * not use this file except in compliance with the License.
29 * You may obtain a copy of the License at
30 *
31 * http://www.apache.org/licenses/LICENSE-2.0
32 *
33 * Unless required by applicable law or agreed to in writing, software
34 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36 * See the License for the specific language governing permissions and
37 * limitations under the License.
38 */
39
40#ifndef PSA_CRYPTO_SIZES_H
41#define PSA_CRYPTO_SIZES_H
42
43/* Include the Mbed TLS configuration file, the way Mbed TLS does it
44 * in each of its header files. */
45#include "mbedtls/build_info.h"
46
47#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
48#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
49
50#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
51 (((length) + (block_size) - 1) / (block_size) * (block_size))
52
65#define PSA_HASH_LENGTH(alg) \
66 ( \
67 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
68 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
69 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
70 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
71 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
72 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
73 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
74 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
75 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
76 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
77 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
78 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
79 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
80 0)
81
97#define PSA_HASH_BLOCK_LENGTH(alg) \
98 ( \
99 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
100 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
101 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
102 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
103 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
104 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
105 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
106 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
107 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
108 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
109 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
110 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
111 PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
112 0)
113
121/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
122 * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
123 * HMAC-SHA3-512. */
124#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
125#define PSA_HASH_MAX_SIZE 64
126#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
127#else
128#define PSA_HASH_MAX_SIZE 32
129#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
130#endif
131
139/* All non-HMAC MACs have a maximum size that's smaller than the
140 * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
141/* Note that the encoding of truncated MAC algorithms limits this value
142 * to 64 bytes.
143 */
144#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
145
167#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
168 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
169 PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
170 ((void) (key_bits), 0))
171
176#define PSA_AEAD_TAG_MAX_SIZE 16
177
178/* The maximum size of an RSA key on this implementation, in bits.
179 * This is a vendor-specific macro.
180 *
181 * Mbed TLS does not set a hard limit on the size of RSA keys: any key
182 * whose parameters fit in a bignum is accepted. However large keys can
183 * induce a large memory usage and long computation times. Unlike other
184 * auxiliary macros in this file and in crypto.h, which reflect how the
185 * library is configured, this macro defines how the library is
186 * configured. This implementation refuses to import or generate an
187 * RSA key whose size is larger than the value defined here.
188 *
189 * Note that an implementation may set different size limits for different
190 * operations, and does not need to accept all key sizes up to the limit. */
191#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
192
193/* The maximum size of an ECC key on this implementation, in bits.
194 * This is a vendor-specific macro. */
195#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
196#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
197#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
198#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
199#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
200#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
201#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
202#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
203#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
204#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
205#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
206#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
207#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
208#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
209#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
210#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
211#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
212#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
213#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
214#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
215#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
216#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
217#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
218#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
219#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
220#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
221#else
222#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
223#endif
224
240#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
241
242/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
243 * which is expected to work with P-256 curve only. */
244#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65
245
246/* The size of a serialized K.X coordinate to be used in
247 * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
248 * curve. */
249#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
250
252#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
253
275#define PSA_MAC_LENGTH(key_type, key_bits, alg) \
276 ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
277 PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
278 PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
279 ((void)(key_type), (void)(key_bits), 0))
280
307#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
308 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
309 (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
310 0)
311
330#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
331 ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
332
333
360#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
361 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
362 (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
363 (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
364 0)
365
384#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
385 (ciphertext_length)
386
412#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
413 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
414 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
415 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
416 0 : \
417 (key_type) == PSA_KEY_TYPE_CHACHA20 && \
418 MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
419 0)
420
432#define PSA_AEAD_NONCE_MAX_SIZE 13
433
460/* For all the AEAD modes defined in this specification, it is possible
461 * to emit output without delay. However, hardware may not always be
462 * capable of this. So for modes based on a block cipher, allow the
463 * implementation to delay the output until it has a full block. */
464#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
465 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
466 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
467 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
468 (input_length) : \
469 0)
470
481#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
482 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
483
505#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
506 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
507 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
508 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
509 0)
510
516#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
517
539#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
540 (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
541 PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
542 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
543 0)
544
550#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
551
552#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
553 (PSA_ALG_IS_RSA_OAEP(alg) ? \
554 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
555 11 /*PKCS#1v1.5*/)
556
565#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
566 (PSA_BITS_TO_BYTES(curve_bits) * 2)
567
593#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
594 (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
595 PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
596 ((void)alg, 0))
597
598#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
599 PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
600
608#define PSA_SIGNATURE_MAX_SIZE \
609 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
610 PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
611 PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
612
638#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
639 (PSA_KEY_TYPE_IS_RSA(key_type) ? \
640 ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
641 0)
642
648/* This macro assumes that RSA is the only supported asymmetric encryption. */
649#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
650 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
651
677#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
678 (PSA_KEY_TYPE_IS_RSA(key_type) ? \
679 PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
680 0)
681
689#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
690 (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
691
692/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
693 * number of bits.
694 *
695 * This definition assumes that bits <= 2^19 - 9 so that the length field
696 * is at most 3 bytes. The length of the encoding is the length of the
697 * bit string padded to a whole number of bytes plus:
698 * - 1 type byte;
699 * - 1 to 3 length bytes;
700 * - 0 to 1 bytes of leading 0 due to the sign bit.
701 */
702#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
703 ((bits) / 8 + 5)
704
705/* Maximum size of the export encoding of an RSA public key.
706 * Assumes that the public exponent is less than 2^32.
707 *
708 * RSAPublicKey ::= SEQUENCE {
709 * modulus INTEGER, -- n
710 * publicExponent INTEGER } -- e
711 *
712 * - 4 bytes of SEQUENCE overhead;
713 * - n : INTEGER;
714 * - 7 bytes for the public exponent.
715 */
716#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
717 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
718
719/* Maximum size of the export encoding of an RSA key pair.
720 * Assumes that the public exponent is less than 2^32 and that the size
721 * difference between the two primes is at most 1 bit.
722 *
723 * RSAPrivateKey ::= SEQUENCE {
724 * version Version, -- 0
725 * modulus INTEGER, -- N-bit
726 * publicExponent INTEGER, -- 32-bit
727 * privateExponent INTEGER, -- N-bit
728 * prime1 INTEGER, -- N/2-bit
729 * prime2 INTEGER, -- N/2-bit
730 * exponent1 INTEGER, -- N/2-bit
731 * exponent2 INTEGER, -- N/2-bit
732 * coefficient INTEGER, -- N/2-bit
733 * }
734 *
735 * - 4 bytes of SEQUENCE overhead;
736 * - 3 bytes of version;
737 * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
738 * overapproximated as 9 half-size INTEGERS;
739 * - 7 bytes for the public exponent.
740 */
741#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
742 (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
743
744/* Maximum size of the export encoding of a DSA public key.
745 *
746 * SubjectPublicKeyInfo ::= SEQUENCE {
747 * algorithm AlgorithmIdentifier,
748 * subjectPublicKey BIT STRING } -- contains DSAPublicKey
749 * AlgorithmIdentifier ::= SEQUENCE {
750 * algorithm OBJECT IDENTIFIER,
751 * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
752 * DSAPublicKey ::= INTEGER -- public key, Y
753 *
754 * - 3 * 4 bytes of SEQUENCE overhead;
755 * - 1 + 1 + 7 bytes of algorithm (DSA OID);
756 * - 4 bytes of BIT STRING overhead;
757 * - 3 full-size INTEGERs (p, g, y);
758 * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
759 */
760#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
761 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
762
763/* Maximum size of the export encoding of a DSA key pair.
764 *
765 * DSAPrivateKey ::= SEQUENCE {
766 * version Version, -- 0
767 * prime INTEGER, -- p
768 * subprime INTEGER, -- q
769 * generator INTEGER, -- g
770 * public INTEGER, -- y
771 * private INTEGER, -- x
772 * }
773 *
774 * - 4 bytes of SEQUENCE overhead;
775 * - 3 bytes of version;
776 * - 3 full-size INTEGERs (p, g, y);
777 * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
778 */
779#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
780 (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
781
782/* Maximum size of the export encoding of an ECC public key.
783 *
784 * The representation of an ECC public key is:
785 * - The byte 0x04;
786 * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
787 * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
788 * - where m is the bit size associated with the curve.
789 *
790 * - 1 byte + 2 * point size.
791 */
792#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
793 (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
794
795/* Maximum size of the export encoding of an ECC key pair.
796 *
797 * An ECC key pair is represented by the secret value.
798 */
799#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
800 (PSA_BITS_TO_BYTES(key_bits))
801
841#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
842 (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
843 (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
844 (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
845 (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
846 (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
847 PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
848 PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
849 0)
850
896#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
897 (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
898 PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
899 0)
900
909#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
910 (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
911 PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
912 PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
913 PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
914
924#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
925 (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
926 PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
927 PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
928 PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
929
953/* FFDH is not yet supported in PSA. */
954#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
955 (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
956 PSA_BITS_TO_BYTES(key_bits) : \
957 0)
958
966#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
967 (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
968
993#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
994 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
995 ((alg) == PSA_ALG_CTR || \
996 (alg) == PSA_ALG_CFB || \
997 (alg) == PSA_ALG_OFB || \
998 (alg) == PSA_ALG_XTS || \
999 (alg) == PSA_ALG_CBC_NO_PADDING || \
1000 (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1001 (key_type) == PSA_KEY_TYPE_CHACHA20 && \
1002 (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
1003 (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
1004 0)
1005
1010#define PSA_CIPHER_IV_MAX_SIZE 16
1011
1035#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1036 (alg == PSA_ALG_CBC_PKCS7 ? \
1037 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1038 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1039 (input_length) + 1) + \
1040 PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
1041 (PSA_ALG_IS_CIPHER(alg) ? \
1042 (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
1043 0))
1044
1056#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
1057 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
1058 (input_length) + 1) + \
1059 PSA_CIPHER_IV_MAX_SIZE)
1060
1080#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1081 (PSA_ALG_IS_CIPHER(alg) && \
1082 ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1083 (input_length) : \
1084 0)
1085
1096#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1097 (input_length)
1098
1117#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1118 (PSA_ALG_IS_CIPHER(alg) ? \
1119 (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1120 (((alg) == PSA_ALG_CBC_PKCS7 || \
1121 (alg) == PSA_ALG_CBC_NO_PADDING || \
1122 (alg) == PSA_ALG_ECB_NO_PADDING) ? \
1123 PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1124 input_length) : \
1125 (input_length)) : 0) : \
1126 0)
1127
1138#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1139 (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1140
1158#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1159 (PSA_ALG_IS_CIPHER(alg) ? \
1160 (alg == PSA_ALG_CBC_PKCS7 ? \
1161 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1162 0) : \
1163 0)
1164
1170#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1171 (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1172
1173#endif /* PSA_CRYPTO_SIZES_H */
Build-time configuration info.