CMSIS-mbedTLS/latest/crypto__sizes_8h_source.html

 /*

  *  Copyright The Mbed TLS Contributors

  *  SPDX-License-Identifier: Apache-2.0

  *

  *  Licensed under the Apache License, Version 2.0 (the "License"); you may

  *  not use this file except in compliance with the License.

  *  You may obtain a copy of the License at

  *

  *  http://www.apache.org/licenses/LICENSE-2.0

  *

  *  Unless required by applicable law or agreed to in writing, software

  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  *  See the License for the specific language governing permissions and

  *  limitations under the License.

  */


 #ifndef PSA_CRYPTO_SIZES_H

 #define PSA_CRYPTO_SIZES_H


 /* Include the Mbed TLS configuration file, the way Mbed TLS does it

  * in each of its header files. */

 #include "mbedtls/build_info.h"


 #define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)

 #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)


 #define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \

     (((length) + (block_size) - 1) / (block_size) * (block_size))


 #define PSA_HASH_LENGTH(alg)                                        \

     (                                                               \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 :            \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 :      \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 :          \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 :        \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 :        \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 :        \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 :        \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 :    \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 :    \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 :       \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 :       \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 :       \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 :       \

         0)


 #define PSA_HASH_BLOCK_LENGTH(alg)                                  \

     (                                                               \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 :            \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 :      \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 :          \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 :        \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 :        \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 :       \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 :       \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 :   \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 :   \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 :      \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 :      \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 :      \

         PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 :       \

         0)


 /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,

  * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for

  * HMAC-SHA3-512. */

 #if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)

 #define PSA_HASH_MAX_SIZE 64

 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128

 #else

 #define PSA_HASH_MAX_SIZE 32

 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64

 #endif


 /* All non-HMAC MACs have a maximum size that's smaller than the

  * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */

 /* Note that the encoding of truncated MAC algorithms limits this value

  * to 64 bytes.

  */

 #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE


 #define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg)                        \

     (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                            \

      PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :                                     \

      ((void) (key_bits), 0))


 #define PSA_AEAD_TAG_MAX_SIZE       16


 /* The maximum size of an RSA key on this implementation, in bits.

  * This is a vendor-specific macro.

  *

  * Mbed TLS does not set a hard limit on the size of RSA keys: any key

  * whose parameters fit in a bignum is accepted. However large keys can

  * induce a large memory usage and long computation times. Unlike other

  * auxiliary macros in this file and in crypto.h, which reflect how the

  * library is configured, this macro defines how the library is

  * configured. This implementation refuses to import or generate an

  * RSA key whose size is larger than the value defined here.

  *

  * Note that an implementation may set different size limits for different

  * operations, and does not need to accept all key sizes up to the limit. */

 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096


 /* The maximum size of an ECC key on this implementation, in bits.

  * This is a vendor-specific macro. */

 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521

 #elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512

 #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448

 #elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384

 #elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384

 #elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256

 #elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256

 #elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256

 #elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255

 #elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224

 #elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224

 #elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192

 #elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192

 #else

 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0

 #endif


 #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128


 #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16


 #define PSA_MAC_LENGTH(key_type, key_bits, alg)                                   \

     ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) :        \

      PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) :         \

      PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \

      ((void)(key_type), (void)(key_bits), 0))


 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \

     (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                      \

      (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :          \

      0)


 #define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length)          \

     ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)


 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \

     (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&                      \

          (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ?      \

          (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :      \

      0)


 #define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length)     \

      (ciphertext_length)


 #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \

     (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \

           MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \

           MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \

           0 : \

      (key_type) == PSA_KEY_TYPE_CHACHA20 && \

           MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \

      0)


 #define PSA_AEAD_NONCE_MAX_SIZE 13


 /* For all the AEAD modes defined in this specification, it is possible

  * to emit output without delay. However, hardware may not always be

  * capable of this. So for modes based on a block cipher, allow the

  * implementation to delay the output until it has a full block. */

 #define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length)                             \

     (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                                             \

          PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?                                              \

          PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \

          (input_length) : \

      0)


 #define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length)                           \

     (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))


 #define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \

     (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&  \

          PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?    \

          PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \

      0)


 #define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE     (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)


 #define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \

     (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&  \

          PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?    \

          PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \

      0)


 #define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE     (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)


 #define PSA_RSA_MINIMUM_PADDING_SIZE(alg)                         \

     (PSA_ALG_IS_RSA_OAEP(alg) ?                                   \

      2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 :    \

      11 /*PKCS#1v1.5*/)


 #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)    \

     (PSA_BITS_TO_BYTES(curve_bits) * 2)


 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)        \

     (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \

      PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \

      ((void)alg, 0))


 #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE     \

     PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)


 #define PSA_SIGNATURE_MAX_SIZE                               \

     (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \

      PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) :                   \

      PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)


 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)     \

     (PSA_KEY_TYPE_IS_RSA(key_type) ?                                    \

      ((void)alg, PSA_BITS_TO_BYTES(key_bits)) :                         \

      0)


 /* This macro assumes that RSA is the only supported asymmetric encryption. */

 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE          \

     (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))


 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)     \

     (PSA_KEY_TYPE_IS_RSA(key_type) ?                                    \

      PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) :  \

      0)


 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE          \

     (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))


 /* Maximum size of the ASN.1 encoding of an INTEGER with the specified

  * number of bits.

  *

  * This definition assumes that bits <= 2^19 - 9 so that the length field

  * is at most 3 bytes. The length of the encoding is the length of the

  * bit string padded to a whole number of bytes plus:

  * - 1 type byte;

  * - 1 to 3 length bytes;

  * - 0 to 1 bytes of leading 0 due to the sign bit.

  */

 #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits)      \

     ((bits) / 8 + 5)


 /* Maximum size of the export encoding of an RSA public key.

  * Assumes that the public exponent is less than 2^32.

  *

  * RSAPublicKey  ::=  SEQUENCE  {

  *    modulus            INTEGER,    -- n

  *    publicExponent     INTEGER  }  -- e

  *

  * - 4 bytes of SEQUENCE overhead;

  * - n : INTEGER;

  * - 7 bytes for the public exponent.

  */

 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \

     (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)


 /* Maximum size of the export encoding of an RSA key pair.

  * Assumes thatthe public exponent is less than 2^32 and that the size

  * difference between the two primes is at most 1 bit.

  *

  * RSAPrivateKey ::= SEQUENCE {

  *     version           Version,  -- 0

  *     modulus           INTEGER,  -- N-bit

  *     publicExponent    INTEGER,  -- 32-bit

  *     privateExponent   INTEGER,  -- N-bit

  *     prime1            INTEGER,  -- N/2-bit

  *     prime2            INTEGER,  -- N/2-bit

  *     exponent1         INTEGER,  -- N/2-bit

  *     exponent2         INTEGER,  -- N/2-bit

  *     coefficient       INTEGER,  -- N/2-bit

  * }

  *

  * - 4 bytes of SEQUENCE overhead;

  * - 3 bytes of version;

  * - 7 half-size INTEGERs plus 2 full-size INTEGERs,

  *   overapproximated as 9 half-size INTEGERS;

  * - 7 bytes for the public exponent.

  */

 #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits)   \

     (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)


 /* Maximum size of the export encoding of a DSA public key.

  *

  * SubjectPublicKeyInfo  ::=  SEQUENCE  {

  *      algorithm            AlgorithmIdentifier,

  *      subjectPublicKey     BIT STRING  } -- contains DSAPublicKey

  * AlgorithmIdentifier  ::=  SEQUENCE  {

  *      algorithm               OBJECT IDENTIFIER,

  *      parameters              Dss-Parms  } -- SEQUENCE of 3 INTEGERs

  * DSAPublicKey  ::=  INTEGER -- public key, Y

  *

  * - 3 * 4 bytes of SEQUENCE overhead;

  * - 1 + 1 + 7 bytes of algorithm (DSA OID);

  * - 4 bytes of BIT STRING overhead;

  * - 3 full-size INTEGERs (p, g, y);

  * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).

  */

 #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \

     (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)


 /* Maximum size of the export encoding of a DSA key pair.

  *

  * DSAPrivateKey ::= SEQUENCE {

  *     version             Version,  -- 0

  *     prime               INTEGER,  -- p

  *     subprime            INTEGER,  -- q

  *     generator           INTEGER,  -- g

  *     public              INTEGER,  -- y

  *     private             INTEGER,  -- x

  * }

  *

  * - 4 bytes of SEQUENCE overhead;

  * - 3 bytes of version;

  * - 3 full-size INTEGERs (p, g, y);

  * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).

  */

 #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits)   \

     (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)


 /* Maximum size of the export encoding of an ECC public key.

  *

  * The representation of an ECC public key is:

  *      - The byte 0x04;

  *      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;

  *      - `y_P` as a `ceiling(m/8)`-byte string, big-endian;

  *      - where m is the bit size associated with the curve.

  *

  * - 1 byte + 2 * point size.

  */

 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)        \

     (2 * PSA_BITS_TO_BYTES(key_bits) + 1)


 /* Maximum size of the export encoding of an ECC key pair.

  *

  * An ECC key pair is represented by the secret value.

  */

 #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits)   \

     (PSA_BITS_TO_BYTES(key_bits))


 #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits)                                              \

     (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) :                         \

      (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) :     \

      (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \

      (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) :     \

      (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \

      PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) :      \

      PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) :  \

      0)


 #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits)                           \

     (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \

      PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \

      0)


 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE                                            \

     (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) >        \

      PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ?      \

      PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) :        \

      PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))


 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE                                          \

     (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) >      \

      PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ?    \

      PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) :      \

      PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))


 /* FFDH is not yet supported in PSA. */

 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits)   \

     (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ?                   \

      PSA_BITS_TO_BYTES(key_bits) :                              \

      0)


 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE   \

     (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))


 #define PSA_CIPHER_IV_LENGTH(key_type, alg) \

     (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \

         ((alg) == PSA_ALG_CTR || \

          (alg) == PSA_ALG_CFB || \

          (alg) == PSA_ALG_OFB || \

          (alg) == PSA_ALG_XTS || \

          (alg) == PSA_ALG_CBC_NO_PADDING || \

          (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \

      (key_type) == PSA_KEY_TYPE_CHACHA20 && \

          (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \

          (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \

          0)


 #define PSA_CIPHER_IV_MAX_SIZE 16


 #define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length)             \

     (alg == PSA_ALG_CBC_PKCS7 ?                                                 \

      (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ?                            \

      PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type),          \

                               (input_length) + 1) +                             \

      PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) :                             \

      (PSA_ALG_IS_CIPHER(alg) ?                                                  \

       (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) :                \

      0))


 #define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length)                        \

     (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE,                  \

                               (input_length) + 1) +                             \

      PSA_CIPHER_IV_MAX_SIZE)


 #define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length)                 \

     (PSA_ALG_IS_CIPHER(alg) &&                                                      \

      ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \

      (input_length) :                                                               \

      0)


 #define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length)    \

     (input_length)


 #define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length)              \

     (PSA_ALG_IS_CIPHER(alg) ?                                                   \

     (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ?                             \

      (((alg) == PSA_ALG_CBC_PKCS7      ||                                       \

        (alg) == PSA_ALG_CBC_NO_PADDING ||                                       \

        (alg) == PSA_ALG_ECB_NO_PADDING) ?                                       \

       PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type),         \

                                 input_length) :                                 \

       (input_length)) : 0) :                                                    \

      0)


 #define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length)     \

     (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))


 #define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)    \

     (PSA_ALG_IS_CIPHER(alg) ?                           \

      (alg == PSA_ALG_CBC_PKCS7 ?                        \

       PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) :         \

       0) :                                              \

      0)


 #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE           \

     (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)


 #endif /* PSA_CRYPTO_SIZES_H */

build_info.h
Build-time configuration info.