mbed TLS v3.4.0
crypto_sizes.h
Go to the documentation of this file.
1 
23 /*
24  * Copyright The Mbed TLS Contributors
25  * SPDX-License-Identifier: Apache-2.0
26  *
27  * Licensed under the Apache License, Version 2.0 (the "License"); you may
28  * not use this file except in compliance with the License.
29  * You may obtain a copy of the License at
30  *
31  * http://www.apache.org/licenses/LICENSE-2.0
32  *
33  * Unless required by applicable law or agreed to in writing, software
34  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36  * See the License for the specific language governing permissions and
37  * limitations under the License.
38  */
39 
40 #ifndef PSA_CRYPTO_SIZES_H
41 #define PSA_CRYPTO_SIZES_H
42 
43 /* Include the Mbed TLS configuration file, the way Mbed TLS does it
44  * in each of its header files. */
45 #include "mbedtls/build_info.h"
46 
47 #define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
48 #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
49 
50 #define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
51  (((length) + (block_size) - 1) / (block_size) * (block_size))
52 
65 #define PSA_HASH_LENGTH(alg) \
66  ( \
67  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
68  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
69  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
70  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
71  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
72  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
73  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
74  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
75  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
76  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
77  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
78  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
79  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
80  0)
81 
97 #define PSA_HASH_BLOCK_LENGTH(alg) \
98  ( \
99  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
100  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
101  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
102  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
103  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
104  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
105  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
106  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
107  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
108  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
109  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
110  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
111  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
112  0)
113 
121 /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
122  * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
123  * HMAC-SHA3-512. */
124 #if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
125 #define PSA_HASH_MAX_SIZE 64
126 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
127 #else
128 #define PSA_HASH_MAX_SIZE 32
129 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
130 #endif
131 
139 /* All non-HMAC MACs have a maximum size that's smaller than the
140  * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
141 /* Note that the encoding of truncated MAC algorithms limits this value
142  * to 64 bytes.
143  */
144 #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
145 
167 #define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
168  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
169  PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
170  ((void) (key_bits), 0))
171 
176 #define PSA_AEAD_TAG_MAX_SIZE 16
177 
178 /* The maximum size of an RSA key on this implementation, in bits.
179  * This is a vendor-specific macro.
180  *
181  * Mbed TLS does not set a hard limit on the size of RSA keys: any key
182  * whose parameters fit in a bignum is accepted. However large keys can
183  * induce a large memory usage and long computation times. Unlike other
184  * auxiliary macros in this file and in crypto.h, which reflect how the
185  * library is configured, this macro defines how the library is
186  * configured. This implementation refuses to import or generate an
187  * RSA key whose size is larger than the value defined here.
188  *
189  * Note that an implementation may set different size limits for different
190  * operations, and does not need to accept all key sizes up to the limit. */
191 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
192 
193 /* The maximum size of an ECC key on this implementation, in bits.
194  * This is a vendor-specific macro. */
195 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
196 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
197 #elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
198 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
199 #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
200 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
201 #elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
202 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
203 #elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
204 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
205 #elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
206 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
207 #elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
208 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
209 #elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
210 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
211 #elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
212 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
213 #elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
214 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
215 #elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
216 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
217 #elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
218 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
219 #elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
220 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
221 #else
222 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
223 #endif
224 
240 #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
241 
242 /* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
243  * which is expected to work with P-256 curve only. */
244 #define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65
245 
246 /* The size of a serialized K.X coordinate to be used in
247  * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
248  * curve. */
249 #define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
250 
252 #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
253 
275 #define PSA_MAC_LENGTH(key_type, key_bits, alg) \
276  ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
277  PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
278  PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
279  ((void) (key_type), (void) (key_bits), 0))
280 
307 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
308  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
309  (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
310  0)
311 
330 #define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
331  ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
332 
333 
360 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
361  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
362  (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
363  (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
364  0)
365 
384 #define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
385  (ciphertext_length)
386 
412 #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
413  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
414  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
415  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
416  0 : \
417  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
418  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
419  0)
420 
432 #define PSA_AEAD_NONCE_MAX_SIZE 13
433 
460 /* For all the AEAD modes defined in this specification, it is possible
461  * to emit output without delay. However, hardware may not always be
462  * capable of this. So for modes based on a block cipher, allow the
463  * implementation to delay the output until it has a full block. */
464 #define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
465  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
466  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
467  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
468  (input_length) : \
469  0)
470 
481 #define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
482  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
483 
505 #define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
506  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
507  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
508  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
509  0)
510 
516 #define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
517 
539 #define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
540  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
541  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
542  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
543  0)
544 
550 #define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
551 
552 #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
553  (PSA_ALG_IS_RSA_OAEP(alg) ? \
554  2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
555  11 /*PKCS#1v1.5*/)
556 
565 #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
566  (PSA_BITS_TO_BYTES(curve_bits) * 2)
567 
593 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
594  (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
595  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
596  ((void) alg, 0))
597 
598 #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
599  PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
600 
608 #define PSA_SIGNATURE_MAX_SIZE \
609  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
610  PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
611  PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
612 
638 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
639  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
640  ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
641  0)
642 
648 /* This macro assumes that RSA is the only supported asymmetric encryption. */
649 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
650  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
651 
677 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
678  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
679  PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
680  0)
681 
689 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
690  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
691 
692 /* Maximum size of the ASN.1 encoding of an INTEGER with the specified
693  * number of bits.
694  *
695  * This definition assumes that bits <= 2^19 - 9 so that the length field
696  * is at most 3 bytes. The length of the encoding is the length of the
697  * bit string padded to a whole number of bytes plus:
698  * - 1 type byte;
699  * - 1 to 3 length bytes;
700  * - 0 to 1 bytes of leading 0 due to the sign bit.
701  */
702 #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
703  ((bits) / 8 + 5)
704 
705 /* Maximum size of the export encoding of an RSA public key.
706  * Assumes that the public exponent is less than 2^32.
707  *
708  * RSAPublicKey ::= SEQUENCE {
709  * modulus INTEGER, -- n
710  * publicExponent INTEGER } -- e
711  *
712  * - 4 bytes of SEQUENCE overhead;
713  * - n : INTEGER;
714  * - 7 bytes for the public exponent.
715  */
716 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
717  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
718 
719 /* Maximum size of the export encoding of an RSA key pair.
720  * Assumes that the public exponent is less than 2^32 and that the size
721  * difference between the two primes is at most 1 bit.
722  *
723  * RSAPrivateKey ::= SEQUENCE {
724  * version Version, -- 0
725  * modulus INTEGER, -- N-bit
726  * publicExponent INTEGER, -- 32-bit
727  * privateExponent INTEGER, -- N-bit
728  * prime1 INTEGER, -- N/2-bit
729  * prime2 INTEGER, -- N/2-bit
730  * exponent1 INTEGER, -- N/2-bit
731  * exponent2 INTEGER, -- N/2-bit
732  * coefficient INTEGER, -- N/2-bit
733  * }
734  *
735  * - 4 bytes of SEQUENCE overhead;
736  * - 3 bytes of version;
737  * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
738  * overapproximated as 9 half-size INTEGERS;
739  * - 7 bytes for the public exponent.
740  */
741 #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
742  (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
743 
744 /* Maximum size of the export encoding of a DSA public key.
745  *
746  * SubjectPublicKeyInfo ::= SEQUENCE {
747  * algorithm AlgorithmIdentifier,
748  * subjectPublicKey BIT STRING } -- contains DSAPublicKey
749  * AlgorithmIdentifier ::= SEQUENCE {
750  * algorithm OBJECT IDENTIFIER,
751  * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
752  * DSAPublicKey ::= INTEGER -- public key, Y
753  *
754  * - 3 * 4 bytes of SEQUENCE overhead;
755  * - 1 + 1 + 7 bytes of algorithm (DSA OID);
756  * - 4 bytes of BIT STRING overhead;
757  * - 3 full-size INTEGERs (p, g, y);
758  * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
759  */
760 #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
761  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
762 
763 /* Maximum size of the export encoding of a DSA key pair.
764  *
765  * DSAPrivateKey ::= SEQUENCE {
766  * version Version, -- 0
767  * prime INTEGER, -- p
768  * subprime INTEGER, -- q
769  * generator INTEGER, -- g
770  * public INTEGER, -- y
771  * private INTEGER, -- x
772  * }
773  *
774  * - 4 bytes of SEQUENCE overhead;
775  * - 3 bytes of version;
776  * - 3 full-size INTEGERs (p, g, y);
777  * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
778  */
779 #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
780  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
781 
782 /* Maximum size of the export encoding of an ECC public key.
783  *
784  * The representation of an ECC public key is:
785  * - The byte 0x04;
786  * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
787  * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
788  * - where m is the bit size associated with the curve.
789  *
790  * - 1 byte + 2 * point size.
791  */
792 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
793  (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
794 
795 /* Maximum size of the export encoding of an ECC key pair.
796  *
797  * An ECC key pair is represented by the secret value.
798  */
799 #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
800  (PSA_BITS_TO_BYTES(key_bits))
801 
841 #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
842  (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
843  (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
844  (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
845  (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
846  (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
847  PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
848  PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
849  0)
850 
896 #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
897  (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
898  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
899  0)
900 
909 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
910  (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
911  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
912  PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
913  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
914 
924 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
925  (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
926  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
927  PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
928  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
929 
953 /* FFDH is not yet supported in PSA. */
954 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
955  (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
956  PSA_BITS_TO_BYTES(key_bits) : \
957  0)
958 
966 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
967  (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
968 
993 #define PSA_CIPHER_IV_LENGTH(key_type, alg) \
994  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
995  ((alg) == PSA_ALG_CTR || \
996  (alg) == PSA_ALG_CFB || \
997  (alg) == PSA_ALG_OFB || \
998  (alg) == PSA_ALG_XTS || \
999  (alg) == PSA_ALG_CBC_NO_PADDING || \
1000  (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1001  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
1002  (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
1003  (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
1004  0)
1005 
1010 #define PSA_CIPHER_IV_MAX_SIZE 16
1011 
1035 #define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1036  (alg == PSA_ALG_CBC_PKCS7 ? \
1037  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1038  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1039  (input_length) + 1) + \
1040  PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
1041  (PSA_ALG_IS_CIPHER(alg) ? \
1042  (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
1043  0))
1044 
1056 #define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
1057  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
1058  (input_length) + 1) + \
1059  PSA_CIPHER_IV_MAX_SIZE)
1060 
1080 #define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1081  (PSA_ALG_IS_CIPHER(alg) && \
1082  ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1083  (input_length) : \
1084  0)
1085 
1096 #define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1097  (input_length)
1098 
1117 #define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1118  (PSA_ALG_IS_CIPHER(alg) ? \
1119  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1120  (((alg) == PSA_ALG_CBC_PKCS7 || \
1121  (alg) == PSA_ALG_CBC_NO_PADDING || \
1122  (alg) == PSA_ALG_ECB_NO_PADDING) ? \
1123  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1124  input_length) : \
1125  (input_length)) : 0) : \
1126  0)
1127 
1138 #define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1139  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1140 
1158 #define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1159  (PSA_ALG_IS_CIPHER(alg) ? \
1160  (alg == PSA_ALG_CBC_PKCS7 ? \
1161  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1162  0) : \
1163  0)
1164 
1170 #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1171  (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1172 
1173 #endif /* PSA_CRYPTO_SIZES_H */
Build-time configuration info.