mbed TLS v2.26.0
crypto_sizes.h
Go to the documentation of this file.
1 
23 /*
24  * Copyright The Mbed TLS Contributors
25  * SPDX-License-Identifier: Apache-2.0
26  *
27  * Licensed under the Apache License, Version 2.0 (the "License"); you may
28  * not use this file except in compliance with the License.
29  * You may obtain a copy of the License at
30  *
31  * http://www.apache.org/licenses/LICENSE-2.0
32  *
33  * Unless required by applicable law or agreed to in writing, software
34  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36  * See the License for the specific language governing permissions and
37  * limitations under the License.
38  */
39 
40 #ifndef PSA_CRYPTO_SIZES_H
41 #define PSA_CRYPTO_SIZES_H
42 
43 /* Include the Mbed TLS configuration file, the way Mbed TLS does it
44  * in each of its header files. */
45 #if !defined(MBEDTLS_CONFIG_FILE)
46 #include "mbedtls/config.h"
47 #else
48 #include MBEDTLS_CONFIG_FILE
49 #endif
50 
51 #define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
52 #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
53 
54 #define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
55  (((length) + (block_size) - 1) / (block_size) * (block_size))
56 
69 #define PSA_HASH_LENGTH(alg) \
70  ( \
71  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
72  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
73  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
74  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
75  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
76  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
77  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
78  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
79  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
80  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
81  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
82  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
83  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
84  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
85  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
86  0)
87 
95 /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
96  * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
97  * HMAC-SHA3-512. */
98 #if defined(MBEDTLS_SHA512_C)
99 #define PSA_HASH_MAX_SIZE 64
100 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
101 #else
102 #define PSA_HASH_MAX_SIZE 32
103 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
104 #endif
105 
113 /* All non-HMAC MACs have a maximum size that's smaller than the
114  * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
115 /* Note that the encoding of truncated MAC algorithms limits this value
116  * to 64 bytes.
117  */
118 #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
119 
132 #define PSA_AEAD_TAG_LENGTH(alg) \
133  (PSA_ALG_IS_AEAD(alg) ? \
134  (((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
135  0)
136 
141 #define PSA_AEAD_TAG_MAX_SIZE 16
142 
143 /* The maximum size of an RSA key on this implementation, in bits.
144  * This is a vendor-specific macro.
145  *
146  * Mbed TLS does not set a hard limit on the size of RSA keys: any key
147  * whose parameters fit in a bignum is accepted. However large keys can
148  * induce a large memory usage and long computation times. Unlike other
149  * auxiliary macros in this file and in crypto.h, which reflect how the
150  * library is configured, this macro defines how the library is
151  * configured. This implementation refuses to import or generate an
152  * RSA key whose size is larger than the value defined here.
153  *
154  * Note that an implementation may set different size limits for different
155  * operations, and does not need to accept all key sizes up to the limit. */
156 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
157 
158 /* The maximum size of an ECC key on this implementation, in bits.
159  * This is a vendor-specific macro. */
160 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
161 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
162 #elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
163 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
164 #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
165 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
166 #elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
167 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
168 #elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
169 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
170 #elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
171 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
172 #elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
173 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
174 #elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
175 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
176 #elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
177 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
178 #elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
179 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
180 #elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
181 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
182 #elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
183 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
184 #elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
185 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
186 #else
187 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
188 #endif
189 
205 #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
206 
208 #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
209 
231 #define PSA_MAC_LENGTH(key_type, key_bits, alg) \
232  ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
233  PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
234  PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
235  ((void)(key_type), (void)(key_bits), 0))
236 
257 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
258  (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
259  (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
260  0)
261 
279 #define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
280  ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
281 
282 
303 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
304  (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
305  (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
306  0)
307 
325 #define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
326  (ciphertext_length)
327 
353 #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
354  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \
355  (PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \
356  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \
357  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
358  PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
359  0)
360 
372 #define PSA_AEAD_NONCE_MAX_SIZE 12
373 
394 /* For all the AEAD modes defined in this specification, it is possible
395  * to emit output without delay. However, hardware may not always be
396  * capable of this. So for modes based on a block cipher, allow the
397  * implementation to delay the output until it has a full block. */
398 #define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
399  (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
400  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
401  (input_length))
402 
413 #define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
414  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
415 
431 #define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
432  (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
433  PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
434  0)
435 
441 #define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
442 
458 #define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
459  (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
460  PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
461  0)
462 
468 #define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
469 
470 #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
471  (PSA_ALG_IS_RSA_OAEP(alg) ? \
472  2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
473  11 /*PKCS#1v1.5*/)
474 
483 #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
484  (PSA_BITS_TO_BYTES(curve_bits) * 2)
485 
511 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
512  (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
513  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
514  ((void)alg, 0))
515 
516 #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
517  PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
518 
526 #define PSA_SIGNATURE_MAX_SIZE \
527  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
528  PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
529  PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
530 
556 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
557  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
558  ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
559  0)
560 
566 /* This macro assumes that RSA is the only supported asymmetric encryption. */
567 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
568  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
569 
595 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
596  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
597  PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
598  0)
599 
607 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
608  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
609 
610 /* Maximum size of the ASN.1 encoding of an INTEGER with the specified
611  * number of bits.
612  *
613  * This definition assumes that bits <= 2^19 - 9 so that the length field
614  * is at most 3 bytes. The length of the encoding is the length of the
615  * bit string padded to a whole number of bytes plus:
616  * - 1 type byte;
617  * - 1 to 3 length bytes;
618  * - 0 to 1 bytes of leading 0 due to the sign bit.
619  */
620 #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
621  ((bits) / 8 + 5)
622 
623 /* Maximum size of the export encoding of an RSA public key.
624  * Assumes that the public exponent is less than 2^32.
625  *
626  * RSAPublicKey ::= SEQUENCE {
627  * modulus INTEGER, -- n
628  * publicExponent INTEGER } -- e
629  *
630  * - 4 bytes of SEQUENCE overhead;
631  * - n : INTEGER;
632  * - 7 bytes for the public exponent.
633  */
634 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
635  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
636 
637 /* Maximum size of the export encoding of an RSA key pair.
638  * Assumes thatthe public exponent is less than 2^32 and that the size
639  * difference between the two primes is at most 1 bit.
640  *
641  * RSAPrivateKey ::= SEQUENCE {
642  * version Version, -- 0
643  * modulus INTEGER, -- N-bit
644  * publicExponent INTEGER, -- 32-bit
645  * privateExponent INTEGER, -- N-bit
646  * prime1 INTEGER, -- N/2-bit
647  * prime2 INTEGER, -- N/2-bit
648  * exponent1 INTEGER, -- N/2-bit
649  * exponent2 INTEGER, -- N/2-bit
650  * coefficient INTEGER, -- N/2-bit
651  * }
652  *
653  * - 4 bytes of SEQUENCE overhead;
654  * - 3 bytes of version;
655  * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
656  * overapproximated as 9 half-size INTEGERS;
657  * - 7 bytes for the public exponent.
658  */
659 #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
660  (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
661 
662 /* Maximum size of the export encoding of a DSA public key.
663  *
664  * SubjectPublicKeyInfo ::= SEQUENCE {
665  * algorithm AlgorithmIdentifier,
666  * subjectPublicKey BIT STRING } -- contains DSAPublicKey
667  * AlgorithmIdentifier ::= SEQUENCE {
668  * algorithm OBJECT IDENTIFIER,
669  * parameters Dss-Parms } -- SEQUENCE of 3 INTEGERs
670  * DSAPublicKey ::= INTEGER -- public key, Y
671  *
672  * - 3 * 4 bytes of SEQUENCE overhead;
673  * - 1 + 1 + 7 bytes of algorithm (DSA OID);
674  * - 4 bytes of BIT STRING overhead;
675  * - 3 full-size INTEGERs (p, g, y);
676  * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
677  */
678 #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
679  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
680 
681 /* Maximum size of the export encoding of a DSA key pair.
682  *
683  * DSAPrivateKey ::= SEQUENCE {
684  * version Version, -- 0
685  * prime INTEGER, -- p
686  * subprime INTEGER, -- q
687  * generator INTEGER, -- g
688  * public INTEGER, -- y
689  * private INTEGER, -- x
690  * }
691  *
692  * - 4 bytes of SEQUENCE overhead;
693  * - 3 bytes of version;
694  * - 3 full-size INTEGERs (p, g, y);
695  * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
696  */
697 #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
698  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
699 
700 /* Maximum size of the export encoding of an ECC public key.
701  *
702  * The representation of an ECC public key is:
703  * - The byte 0x04;
704  * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
705  * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
706  * - where m is the bit size associated with the curve.
707  *
708  * - 1 byte + 2 * point size.
709  */
710 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
711  (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
712 
713 /* Maximum size of the export encoding of an ECC key pair.
714  *
715  * An ECC key pair is represented by the secret value.
716  */
717 #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
718  (PSA_BITS_TO_BYTES(key_bits))
719 
759 #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
760  (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
761  (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
762  (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
763  (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
764  (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
765  PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
766  PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
767  0)
768 
814 #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
815  (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
816  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
817  0)
818 
827 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
828  (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
829  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
830  PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
831  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
832 
842 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
843  (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
844  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
845  PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
846  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
847 
871 /* FFDH is not yet supported in PSA. */
872 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
873  (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
874  PSA_BITS_TO_BYTES(key_bits) : \
875  0)
876 
884 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
885  (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
886 
911 #define PSA_CIPHER_IV_LENGTH(key_type, alg) \
912  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
913  ((alg) == PSA_ALG_CTR || \
914  (alg) == PSA_ALG_CFB || \
915  (alg) == PSA_ALG_OFB || \
916  (alg) == PSA_ALG_XTS || \
917  (alg) == PSA_ALG_CBC_NO_PADDING || \
918  (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
919  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
920  (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
921  0)
922 
927 #define PSA_CIPHER_IV_MAX_SIZE 16
928 
952 #define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
953  (alg == PSA_ALG_CBC_PKCS7 ? \
954  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
955  (input_length) + 1) + \
956  PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
957  (PSA_ALG_IS_CIPHER(alg) ? \
958  (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
959  0))
960 
972 #define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
973  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
974  (input_length) + 1) + \
975  PSA_CIPHER_IV_MAX_SIZE)
976 
996 #define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
997  (PSA_ALG_IS_CIPHER(alg) && \
998  ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
999  (input_length) : \
1000  0)
1001 
1012 #define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1013  (input_length)
1014 
1033 #define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1034  (PSA_ALG_IS_CIPHER(alg) ? \
1035  (((alg) == PSA_ALG_CBC_PKCS7 || \
1036  (alg) == PSA_ALG_CBC_NO_PADDING || \
1037  (alg) == PSA_ALG_ECB_NO_PADDING) ? \
1038  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1039  input_length) : \
1040  (input_length)) : \
1041  0)
1042 
1053 #define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1054  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1055 
1073 #define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1074  (PSA_ALG_IS_CIPHER(alg) ? \
1075  (alg == PSA_ALG_CBC_PKCS7 ? \
1076  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1077  0) : \
1078  0)
1079 
1085 #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1086  (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1087 
1088 #endif /* PSA_CRYPTO_SIZES_H */
Configuration options (set of defines)