mbed TLS v2.26.0
Main Page
Related Pages
Modules
Data Structures
Files
File List
Globals
include
psa
crypto_sizes.h
Go to the documentation of this file.
1
23
/*
24
* Copyright The Mbed TLS Contributors
25
* SPDX-License-Identifier: Apache-2.0
26
*
27
* Licensed under the Apache License, Version 2.0 (the "License"); you may
28
* not use this file except in compliance with the License.
29
* You may obtain a copy of the License at
30
*
31
* http://www.apache.org/licenses/LICENSE-2.0
32
*
33
* Unless required by applicable law or agreed to in writing, software
34
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36
* See the License for the specific language governing permissions and
37
* limitations under the License.
38
*/
39
40
#ifndef PSA_CRYPTO_SIZES_H
41
#define PSA_CRYPTO_SIZES_H
42
43
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
44
* in each of its header files. */
45
#if !defined(MBEDTLS_CONFIG_FILE)
46
#include "
mbedtls/config.h
"
47
#else
48
#include MBEDTLS_CONFIG_FILE
49
#endif
50
51
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
52
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
53
54
#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
55
(((length) + (block_size) - 1) / (block_size) * (block_size))
56
69
#define PSA_HASH_LENGTH(alg) \
70
( \
71
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
72
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
73
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
74
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
75
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
76
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
77
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
78
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
79
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
80
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
81
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
82
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
83
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
84
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
85
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
86
0)
87
95
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
96
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
97
* HMAC-SHA3-512. */
98
#if defined(MBEDTLS_SHA512_C)
99
#define PSA_HASH_MAX_SIZE 64
100
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
101
#else
102
#define PSA_HASH_MAX_SIZE 32
103
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
104
#endif
105
113
/* All non-HMAC MACs have a maximum size that's smaller than the
114
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
115
/* Note that the encoding of truncated MAC algorithms limits this value
116
* to 64 bytes.
117
*/
118
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
119
132
#define PSA_AEAD_TAG_LENGTH(alg) \
133
(PSA_ALG_IS_AEAD(alg) ? \
134
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
135
0)
136
141
#define PSA_AEAD_TAG_MAX_SIZE 16
142
143
/* The maximum size of an RSA key on this implementation, in bits.
144
* This is a vendor-specific macro.
145
*
146
* Mbed TLS does not set a hard limit on the size of RSA keys: any key
147
* whose parameters fit in a bignum is accepted. However large keys can
148
* induce a large memory usage and long computation times. Unlike other
149
* auxiliary macros in this file and in crypto.h, which reflect how the
150
* library is configured, this macro defines how the library is
151
* configured. This implementation refuses to import or generate an
152
* RSA key whose size is larger than the value defined here.
153
*
154
* Note that an implementation may set different size limits for different
155
* operations, and does not need to accept all key sizes up to the limit. */
156
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
157
158
/* The maximum size of an ECC key on this implementation, in bits.
159
* This is a vendor-specific macro. */
160
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
161
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
162
#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
163
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
164
#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
165
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
166
#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
167
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
168
#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
169
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
170
#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
171
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
172
#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
173
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
174
#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
175
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
176
#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
177
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
178
#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
179
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
180
#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
181
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
182
#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
183
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
184
#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
185
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
186
#else
187
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
188
#endif
189
205
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
206
208
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
209
231
#define PSA_MAC_LENGTH(key_type, key_bits, alg) \
232
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
233
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
234
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
235
((void)(key_type), (void)(key_bits), 0))
236
257
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
258
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
259
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
260
0)
261
279
#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
280
((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
281
282
303
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
304
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
305
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
306
0)
307
325
#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
326
(ciphertext_length)
327
353
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
354
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \
355
(PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \
356
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \
357
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
358
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
359
0)
360
372
#define PSA_AEAD_NONCE_MAX_SIZE 12
373
394
/* For all the AEAD modes defined in this specification, it is possible
395
* to emit output without delay. However, hardware may not always be
396
* capable of this. So for modes based on a block cipher, allow the
397
* implementation to delay the output until it has a full block. */
398
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
399
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
400
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
401
(input_length))
402
413
#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
414
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
415
431
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
432
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
433
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
434
0)
435
441
#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
442
458
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
459
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
460
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
461
0)
462
468
#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
469
470
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
471
(PSA_ALG_IS_RSA_OAEP(alg) ? \
472
2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
473
11
/*PKCS#1v1.5*/
)
474
483
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
484
(PSA_BITS_TO_BYTES(curve_bits) * 2)
485
511
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
512
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
513
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
514
((void)alg, 0))
515
516
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
517
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
518
526
#define PSA_SIGNATURE_MAX_SIZE \
527
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
528
PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
529
PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
530
556
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
557
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
558
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
559
0)
560
566
/* This macro assumes that RSA is the only supported asymmetric encryption. */
567
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
568
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
569
595
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
596
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
597
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
598
0)
599
607
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
608
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
609
610
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
611
* number of bits.
612
*
613
* This definition assumes that bits <= 2^19 - 9 so that the length field
614
* is at most 3 bytes. The length of the encoding is the length of the
615
* bit string padded to a whole number of bytes plus:
616
* - 1 type byte;
617
* - 1 to 3 length bytes;
618
* - 0 to 1 bytes of leading 0 due to the sign bit.
619
*/
620
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
621
((bits) / 8 + 5)
622
623
/* Maximum size of the export encoding of an RSA public key.
624
* Assumes that the public exponent is less than 2^32.
625
*
626
* RSAPublicKey ::= SEQUENCE {
627
* modulus INTEGER, -- n
628
* publicExponent INTEGER } -- e
629
*
630
* - 4 bytes of SEQUENCE overhead;
631
* - n : INTEGER;
632
* - 7 bytes for the public exponent.
633
*/
634
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
635
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
636
637
/* Maximum size of the export encoding of an RSA key pair.
638
* Assumes thatthe public exponent is less than 2^32 and that the size
639
* difference between the two primes is at most 1 bit.
640
*
641
* RSAPrivateKey ::= SEQUENCE {
642
* version Version, -- 0
643
* modulus INTEGER, -- N-bit
644
* publicExponent INTEGER, -- 32-bit
645
* privateExponent INTEGER, -- N-bit
646
* prime1 INTEGER, -- N/2-bit
647
* prime2 INTEGER, -- N/2-bit
648
* exponent1 INTEGER, -- N/2-bit
649
* exponent2 INTEGER, -- N/2-bit
650
* coefficient INTEGER, -- N/2-bit
651
* }
652
*
653
* - 4 bytes of SEQUENCE overhead;
654
* - 3 bytes of version;
655
* - 7 half-size INTEGERs plus 2 full-size INTEGERs,
656
* overapproximated as 9 half-size INTEGERS;
657
* - 7 bytes for the public exponent.
658
*/
659
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
660
(9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
661
662
/* Maximum size of the export encoding of a DSA public key.
663
*
664
* SubjectPublicKeyInfo ::= SEQUENCE {
665
* algorithm AlgorithmIdentifier,
666
* subjectPublicKey BIT STRING } -- contains DSAPublicKey
667
* AlgorithmIdentifier ::= SEQUENCE {
668
* algorithm OBJECT IDENTIFIER,
669
* parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
670
* DSAPublicKey ::= INTEGER -- public key, Y
671
*
672
* - 3 * 4 bytes of SEQUENCE overhead;
673
* - 1 + 1 + 7 bytes of algorithm (DSA OID);
674
* - 4 bytes of BIT STRING overhead;
675
* - 3 full-size INTEGERs (p, g, y);
676
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
677
*/
678
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
679
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
680
681
/* Maximum size of the export encoding of a DSA key pair.
682
*
683
* DSAPrivateKey ::= SEQUENCE {
684
* version Version, -- 0
685
* prime INTEGER, -- p
686
* subprime INTEGER, -- q
687
* generator INTEGER, -- g
688
* public INTEGER, -- y
689
* private INTEGER, -- x
690
* }
691
*
692
* - 4 bytes of SEQUENCE overhead;
693
* - 3 bytes of version;
694
* - 3 full-size INTEGERs (p, g, y);
695
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
696
*/
697
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
698
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
699
700
/* Maximum size of the export encoding of an ECC public key.
701
*
702
* The representation of an ECC public key is:
703
* - The byte 0x04;
704
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
705
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
706
* - where m is the bit size associated with the curve.
707
*
708
* - 1 byte + 2 * point size.
709
*/
710
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
711
(2 * PSA_BITS_TO_BYTES(key_bits) + 1)
712
713
/* Maximum size of the export encoding of an ECC key pair.
714
*
715
* An ECC key pair is represented by the secret value.
716
*/
717
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
718
(PSA_BITS_TO_BYTES(key_bits))
719
759
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
760
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
761
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
762
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
763
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
764
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
765
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
766
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
767
0)
768
814
#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
815
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
816
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
817
0)
818
827
#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
828
(PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
829
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
830
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
831
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
832
842
#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
843
(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
844
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
845
PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
846
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
847
871
/* FFDH is not yet supported in PSA. */
872
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
873
(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
874
PSA_BITS_TO_BYTES(key_bits) : \
875
0)
876
884
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
885
(PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
886
911
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
912
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
913
((alg) == PSA_ALG_CTR || \
914
(alg) == PSA_ALG_CFB || \
915
(alg) == PSA_ALG_OFB || \
916
(alg) == PSA_ALG_XTS || \
917
(alg) == PSA_ALG_CBC_NO_PADDING || \
918
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
919
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
920
(alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
921
0)
922
927
#define PSA_CIPHER_IV_MAX_SIZE 16
928
952
#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
953
(alg == PSA_ALG_CBC_PKCS7 ? \
954
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
955
(input_length) + 1) + \
956
PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
957
(PSA_ALG_IS_CIPHER(alg) ? \
958
(input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
959
0))
960
972
#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
973
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
974
(input_length) + 1) + \
975
PSA_CIPHER_IV_MAX_SIZE)
976
996
#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
997
(PSA_ALG_IS_CIPHER(alg) && \
998
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
999
(input_length) : \
1000
0)
1001
1012
#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1013
(input_length)
1014
1033
#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1034
(PSA_ALG_IS_CIPHER(alg) ? \
1035
(((alg) == PSA_ALG_CBC_PKCS7 || \
1036
(alg) == PSA_ALG_CBC_NO_PADDING || \
1037
(alg) == PSA_ALG_ECB_NO_PADDING) ? \
1038
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1039
input_length) : \
1040
(input_length)) : \
1041
0)
1042
1053
#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1054
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1055
1073
#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1074
(PSA_ALG_IS_CIPHER(alg) ? \
1075
(alg == PSA_ALG_CBC_PKCS7 ? \
1076
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1077
0) : \
1078
0)
1079
1085
#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1086
(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1087
1088
#endif
/* PSA_CRYPTO_SIZES_H */
config.h
Configuration options (set of defines)
Generated on Mon Jun 14 2021 06:33:43 for mbed TLS v2.26.0 by
1.8.10