Mbed TLS v4.0.0
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
crypto_sizes.h
Go to the documentation of this file.
1 
23 /*
24  * Copyright The Mbed TLS Contributors
25  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
26  */
27 
28 #ifndef PSA_CRYPTO_SIZES_H
29 #define PSA_CRYPTO_SIZES_H
30 
31 #include "tf-psa-crypto/build_info.h"
32 
33 #define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
34 #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
35 #define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
36  (c) : (b) : (a) <= (c) ? (c) : (a))
37 
38 #define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
39  (((length) + (block_size) - 1) / (block_size) * (block_size))
40 
53 #define PSA_HASH_LENGTH(alg) \
54  ( \
55  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \
56  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \
57  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \
58  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \
59  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \
60  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \
61  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \
62  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \
63  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \
64  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \
65  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \
66  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \
67  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \
68  0u)
69 
85 #define PSA_HASH_BLOCK_LENGTH(alg) \
86  ( \
87  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \
88  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \
89  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \
90  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \
91  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \
92  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \
93  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \
94  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \
95  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \
96  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \
97  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \
98  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \
99  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \
100  0u)
101 
109 /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224,
110  * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
111  * HMAC-SHA3-512. */
112 /* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
113  * see the note on MBEDTLS_MD_MAX_SIZE for details. */
114 #if defined(PSA_WANT_ALG_SHA3_224)
115 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
116 #elif defined(PSA_WANT_ALG_SHA3_256)
117 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
118 #elif defined(PSA_WANT_ALG_SHA_512)
119 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
120 #elif defined(PSA_WANT_ALG_SHA_384)
121 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
122 #elif defined(PSA_WANT_ALG_SHA3_384)
123 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
124 #elif defined(PSA_WANT_ALG_SHA3_512)
125 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
126 #elif defined(PSA_WANT_ALG_SHA_256)
127 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
128 #elif defined(PSA_WANT_ALG_SHA_224)
129 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
130 #else /* SHA-1 or smaller */
131 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
132 #endif
133 
134 #if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
135 #define PSA_HASH_MAX_SIZE 64u
136 #elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
137 #define PSA_HASH_MAX_SIZE 48u
138 #elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
139 #define PSA_HASH_MAX_SIZE 32u
140 #elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
141 #define PSA_HASH_MAX_SIZE 28u
142 #else /* SHA-1 or smaller */
143 #define PSA_HASH_MAX_SIZE 20u
144 #endif
145 
153 /* All non-HMAC MACs have a maximum size that's smaller than the
154  * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
155 /* Note that the encoding of truncated MAC algorithms limits this value
156  * to 64 bytes.
157  */
158 #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
159 
181 #define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
182  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
183  PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
184  ((void) (key_bits), 0u))
185 
190 #define PSA_AEAD_TAG_MAX_SIZE 16u
191 
192 /* The maximum size of an RSA key on this implementation, in bits.
193  * This is a vendor-specific macro.
194  *
195  * Mbed TLS does not set a hard limit on the size of RSA keys: any key
196  * whose parameters fit in a bignum is accepted. However large keys can
197  * induce a large memory usage and long computation times. Unlike other
198  * auxiliary macros in this file and in crypto.h, which reflect how the
199  * library is configured, this macro defines how the library is
200  * configured. This implementation refuses to import or generate an
201  * RSA key whose size is larger than the value defined here.
202  *
203  * Note that an implementation may set different size limits for different
204  * operations, and does not need to accept all key sizes up to the limit. */
205 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u
206 
207 /* The minimum size of an RSA key on this implementation, in bits.
208  * This is a vendor-specific macro.
209  *
210  * Limits RSA key generation to a minimum due to avoid accidental misuse.
211  * This value cannot be less than 128 bits.
212  */
213 #if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
214 #define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
215 #else
216 #define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
217 #endif
218 
219 /* The maximum size of an DH key on this implementation, in bits.
220  * This is a vendor-specific macro.*/
221 #if defined(PSA_WANT_DH_RFC7919_8192)
222 #define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
223 #elif defined(PSA_WANT_DH_RFC7919_6144)
224 #define PSA_VENDOR_FFDH_MAX_KEY_BITS 6144u
225 #elif defined(PSA_WANT_DH_RFC7919_4096)
226 #define PSA_VENDOR_FFDH_MAX_KEY_BITS 4096u
227 #elif defined(PSA_WANT_DH_RFC7919_3072)
228 #define PSA_VENDOR_FFDH_MAX_KEY_BITS 3072u
229 #elif defined(PSA_WANT_DH_RFC7919_2048)
230 #define PSA_VENDOR_FFDH_MAX_KEY_BITS 2048u
231 #else
232 #define PSA_VENDOR_FFDH_MAX_KEY_BITS 0u
233 #endif
234 
235 /* The maximum size of an ECC key on this implementation, in bits.
236  * This is a vendor-specific macro. */
237 #if defined(PSA_WANT_ECC_SECP_R1_521)
238 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
239 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
240 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u
241 #elif defined(PSA_WANT_ECC_MONTGOMERY_448)
242 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
243 #elif defined(PSA_WANT_ECC_SECP_R1_384)
244 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
245 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
246 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
247 #elif defined(PSA_WANT_ECC_SECP_R1_256)
248 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
249 #elif defined(PSA_WANT_ECC_SECP_K1_256)
250 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
251 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
252 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
253 #elif defined(PSA_WANT_ECC_MONTGOMERY_255)
254 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
255 #elif defined(PSA_WANT_ECC_SECP_R1_192)
256 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
257 #elif defined(PSA_WANT_ECC_SECP_K1_192)
258 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
259 #else
260 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
261 #endif
262 
278 #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u
279 
280 /* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
281  * which is expected to work with P-256 curve only. */
282 #define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u
283 
284 /* The size of a serialized K.X coordinate to be used in
285  * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
286  * curve. */
287 #define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u
288 
289 /* The maximum number of iterations for PBKDF2 on this implementation, in bits.
290  * This is a vendor-specific macro. This can be configured if necessary */
291 #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU
292 
294 #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u
295 
317 #define PSA_MAC_LENGTH(key_type, key_bits, alg) \
318  ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
319  PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
320  PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
321  ((void) (key_type), (void) (key_bits), 0u))
322 
349 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
350  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
351  (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
352  0u)
353 
372 #define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
373  ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
374 
375 
402 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
403  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
404  (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
405  (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
406  0u)
407 
426 #define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
427  (ciphertext_length)
428 
454 #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
455  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
456  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \
457  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \
458  0u : \
459  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
460  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \
461  0u)
462 
474 #define PSA_AEAD_NONCE_MAX_SIZE 13u
475 
502 /* For all the AEAD modes defined in this specification, it is possible
503  * to emit output without delay. However, hardware may not always be
504  * capable of this. So for modes based on a block cipher, allow the
505  * implementation to delay the output until it has a full block. */
506 #define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
507  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
508  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
509  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
510  (input_length) : \
511  0u)
512 
523 #define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
524  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
525 
547 #define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
548  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
549  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
550  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
551  0u)
552 
558 #define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
559 
581 #define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
582  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
583  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
584  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
585  0u)
586 
592 #define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
593 
594 #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
595  (PSA_ALG_IS_RSA_OAEP(alg) ? \
596  2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \
597  11u /*PKCS#1v1.5*/)
598 
607 #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
608  (PSA_BITS_TO_BYTES(curve_bits) * 2u)
609 
635 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
636  (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
637  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
638  ((void) alg, 0u))
639 
640 #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
641  PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
642 
650 #define PSA_SIGNATURE_MAX_SIZE 1
651 
652 #if (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \
653  (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE > PSA_SIGNATURE_MAX_SIZE)
654 #undef PSA_SIGNATURE_MAX_SIZE
655 #define PSA_SIGNATURE_MAX_SIZE PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE
656 #endif
657 #if (defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || defined(PSA_WANT_ALG_RSA_PSS)) && \
658  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE)
659 #undef PSA_SIGNATURE_MAX_SIZE
660 #define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS)
661 #endif
662 
688 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
689  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
690  ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
691  0u)
692 
698 /* This macro assumes that RSA is the only supported asymmetric encryption. */
699 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
700  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
701 
727 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
728  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
729  PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
730  0u)
731 
739 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
740  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
741 
742 /* Maximum size of the ASN.1 encoding of an INTEGER with the specified
743  * number of bits.
744  *
745  * This definition assumes that bits <= 2^19 - 9 so that the length field
746  * is at most 3 bytes. The length of the encoding is the length of the
747  * bit string padded to a whole number of bytes plus:
748  * - 1 type byte;
749  * - 1 to 3 length bytes;
750  * - 0 to 1 bytes of leading 0 due to the sign bit.
751  */
752 #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
753  ((bits) / 8u + 5u)
754 
755 /* Maximum size of the export encoding of an RSA public key.
756  * Assumes that the public exponent is less than 2^32.
757  *
758  * RSAPublicKey ::= SEQUENCE {
759  * modulus INTEGER, -- n
760  * publicExponent INTEGER } -- e
761  *
762  * - 4 bytes of SEQUENCE overhead;
763  * - n : INTEGER;
764  * - 7 bytes for the public exponent.
765  */
766 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
767  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u)
768 
769 /* Maximum size of the export encoding of an RSA key pair.
770  * Assumes that the public exponent is less than 2^32 and that the size
771  * difference between the two primes is at most 1 bit.
772  *
773  * RSAPrivateKey ::= SEQUENCE {
774  * version Version, -- 0
775  * modulus INTEGER, -- N-bit
776  * publicExponent INTEGER, -- 32-bit
777  * privateExponent INTEGER, -- N-bit
778  * prime1 INTEGER, -- N/2-bit
779  * prime2 INTEGER, -- N/2-bit
780  * exponent1 INTEGER, -- N/2-bit
781  * exponent2 INTEGER, -- N/2-bit
782  * coefficient INTEGER, -- N/2-bit
783  * }
784  *
785  * - 4 bytes of SEQUENCE overhead;
786  * - 3 bytes of version;
787  * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
788  * overapproximated as 9 half-size INTEGERS;
789  * - 7 bytes for the public exponent.
790  */
791 #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
792  (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u)
793 
794 /* Maximum size of the export encoding of a DSA public key.
795  *
796  * SubjectPublicKeyInfo ::= SEQUENCE {
797  * algorithm AlgorithmIdentifier,
798  * subjectPublicKey BIT STRING } -- contains DSAPublicKey
799  * AlgorithmIdentifier ::= SEQUENCE {
800  * algorithm OBJECT IDENTIFIER,
801  * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
802  * DSAPublicKey ::= INTEGER -- public key, Y
803  *
804  * - 3 * 4 bytes of SEQUENCE overhead;
805  * - 1 + 1 + 7 bytes of algorithm (DSA OID);
806  * - 4 bytes of BIT STRING overhead;
807  * - 3 full-size INTEGERs (p, g, y);
808  * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
809  */
810 #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
811  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u)
812 
813 /* Maximum size of the export encoding of a DSA key pair.
814  *
815  * DSAPrivateKey ::= SEQUENCE {
816  * version Version, -- 0
817  * prime INTEGER, -- p
818  * subprime INTEGER, -- q
819  * generator INTEGER, -- g
820  * public INTEGER, -- y
821  * private INTEGER, -- x
822  * }
823  *
824  * - 4 bytes of SEQUENCE overhead;
825  * - 3 bytes of version;
826  * - 3 full-size INTEGERs (p, g, y);
827  * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
828  */
829 #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
830  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u)
831 
832 /* Maximum size of the export encoding of an ECC public key.
833  *
834  * The representation of an ECC public key is:
835  * - The byte 0x04;
836  * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
837  * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
838  * - where m is the bit size associated with the curve.
839  *
840  * - 1 byte + 2 * point size.
841  */
842 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
843  (2u * PSA_BITS_TO_BYTES(key_bits) + 1u)
844 
845 /* Maximum size of the export encoding of an ECC key pair.
846  *
847  * An ECC key pair is represented by the secret value.
848  */
849 #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
850  (PSA_BITS_TO_BYTES(key_bits))
851 
852 /* Maximum size of the export encoding of an DH key pair.
853  *
854  * An DH key pair is represented by the secret value.
855  */
856 #define PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(key_bits) \
857  (PSA_BITS_TO_BYTES(key_bits))
858 
859 /* Maximum size of the export encoding of an DH public key.
860  */
861 #define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \
862  (PSA_BITS_TO_BYTES(key_bits))
863 
903 #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
904  (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
905  PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
906  (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
907  (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
908  (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
909  (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
910  PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
911  PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
912  0u)
913 
959 #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
960  (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
961  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
962  PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
963  0u)
964 
973 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE 1
974 
975 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
976  (PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
977  PSA_EXPORT_KEY_PAIR_MAX_SIZE)
978 #undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
979 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
980  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
981 #endif
982 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \
983  (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
984  PSA_EXPORT_KEY_PAIR_MAX_SIZE)
985 #undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
986 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
987  PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
988 #endif
989 #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \
990  (PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
991  PSA_EXPORT_KEY_PAIR_MAX_SIZE)
992 #undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
993 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
994  PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
995 #endif
996 
1006 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE 1
1007 
1008 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
1009  (PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
1010  PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1011 #undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1012 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1013  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
1014 #endif
1015 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) && \
1016  (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
1017  PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1018 #undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1019 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1020  PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
1021 #endif
1022 #if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \
1023  (PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
1024  PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1025 #undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1026 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1027  PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
1028 #endif
1029 
1030 #define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
1031  ((PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
1032  PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1033 
1057 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
1058  ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
1059  PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u)
1060 
1068 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 1
1069 
1070 #if defined(PSA_WANT_ALG_ECDH) && \
1071  (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
1072 #undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
1073 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)
1074 #endif
1075 #if defined(PSA_WANT_ALG_FFDH) && \
1076  (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
1077 #undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
1078 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
1079 #endif
1080 
1093 #if (defined(PSA_WANT_KEY_TYPE_AES) || defined(PSA_WANT_KEY_TYPE_ARIA) || \
1094  defined(PSA_WANT_KEY_TYPE_CAMELLIA) || defined(PSA_WANT_KEY_TYPE_CHACHA20))
1095 #define PSA_CIPHER_MAX_KEY_LENGTH 32u
1096 #else
1097 #define PSA_CIPHER_MAX_KEY_LENGTH 0u
1098 #endif
1099 
1124 #define PSA_CIPHER_IV_LENGTH(key_type, alg) \
1125  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
1126  ((alg) == PSA_ALG_CTR || \
1127  (alg) == PSA_ALG_CFB || \
1128  (alg) == PSA_ALG_OFB || \
1129  (alg) == PSA_ALG_XTS || \
1130  (alg) == PSA_ALG_CBC_NO_PADDING || \
1131  (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1132  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
1133  (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \
1134  (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \
1135  0u)
1136 
1141 #define PSA_CIPHER_IV_MAX_SIZE 16u
1142 
1166 #define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1167  (alg == PSA_ALG_CBC_PKCS7 ? \
1168  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1169  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1170  (input_length) + 1u) + \
1171  PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \
1172  (PSA_ALG_IS_CIPHER(alg) ? \
1173  (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
1174  0u))
1175 
1187 #define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
1188  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
1189  (input_length) + 1u) + \
1190  PSA_CIPHER_IV_MAX_SIZE)
1191 
1211 #define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1212  (PSA_ALG_IS_CIPHER(alg) && \
1213  ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1214  (input_length) : \
1215  0u)
1216 
1227 #define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1228  (input_length)
1229 
1248 #define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1249  (PSA_ALG_IS_CIPHER(alg) ? \
1250  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1251  (((alg) == PSA_ALG_CBC_PKCS7 || \
1252  (alg) == PSA_ALG_CBC_NO_PADDING || \
1253  (alg) == PSA_ALG_ECB_NO_PADDING) ? \
1254  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1255  input_length) : \
1256  (input_length)) : 0u) : \
1257  0u)
1258 
1269 #define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1270  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1271 
1289 #define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1290  (PSA_ALG_IS_CIPHER(alg) ? \
1291  (alg == PSA_ALG_CBC_PKCS7 ? \
1292  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1293  0u) : \
1294  0u)
1295 
1301 #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1302  (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1303 
1304 #endif /* PSA_CRYPTO_SIZES_H */
build_info.h
Build-time configuration info.
Generated on Thu Feb 5 2026 15:22:17 for Mbed TLS v4.0.0 by   doxygen 1.8.6