crypto_sizes.h
Go to the documentation of this file.
1 
23 /*
24  * Copyright The Mbed TLS Contributors
25  * Copyright 2022-2024, Texas Instruments Incorporated
26  * SPDX-License-Identifier: Apache-2.0
27  *
28  * Licensed under the Apache License, Version 2.0 (the "License"); you may
29  * not use this file except in compliance with the License.
30  * You may obtain a copy of the License at
31  *
32  * http://www.apache.org/licenses/LICENSE-2.0
33  *
34  * Unless required by applicable law or agreed to in writing, software
35  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
36  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
37  * See the License for the specific language governing permissions and
38  * limitations under the License.
39  *
40  * Modified by Texas Instruments to include MBEDTLS_CONFIG_FILE instead of
41  * "psa/build_info.h".
42  */
43 
44 #ifndef PSA_CRYPTO_SIZES_H
45 #define PSA_CRYPTO_SIZES_H
46 
47 /* clang-format off */
48 
49 /* Include the Mbed TLS configuration file if defined */
50 #if defined(MBEDTLS_CONFIG_FILE)
51  #include MBEDTLS_CONFIG_FILE
52 #endif
53 
54 #define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
55 #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
56 #define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
57  (c) : (b) : (a) <= (c) ? (c) : (a))
58 
59 #define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
60  (((length) + (block_size) - 1) / (block_size) * (block_size))
61 
74 #define PSA_HASH_LENGTH(alg) \
75  ( \
76  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \
77  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \
78  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \
79  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \
80  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \
81  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \
82  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \
83  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \
84  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \
85  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \
86  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \
87  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \
88  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \
89  0u)
90 
106 #define PSA_HASH_BLOCK_LENGTH(alg) \
107  ( \
108  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \
109  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \
110  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \
111  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \
112  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \
113  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \
114  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \
115  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \
116  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \
117  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \
118  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \
119  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \
120  PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \
121  0u)
122 
130 /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224,
131  * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
132  * HMAC-SHA3-512. */
133 /* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
134  * see the note on MBEDTLS_MD_MAX_SIZE for details. */
135 #if defined(PSA_WANT_ALG_SHA3_224)
136 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
137 #elif defined(PSA_WANT_ALG_SHA3_256)
138 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
139 #elif defined(PSA_WANT_ALG_SHA_512)
140 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
141 #elif defined(PSA_WANT_ALG_SHA_384)
142 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
143 #elif defined(PSA_WANT_ALG_SHA3_384)
144 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
145 #elif defined(PSA_WANT_ALG_SHA3_512)
146 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
147 #elif defined(PSA_WANT_ALG_SHA_256)
148 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
149 #elif defined(PSA_WANT_ALG_SHA_224)
150 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
151 #else /* SHA-1 or smaller */
152 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
153 #endif
154 
155 #if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
156 #define PSA_HASH_MAX_SIZE 64u
157 #elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
158 #define PSA_HASH_MAX_SIZE 48u
159 #elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
160 #define PSA_HASH_MAX_SIZE 32u
161 #elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
162 #define PSA_HASH_MAX_SIZE 28u
163 #else /* SHA-1 or smaller */
164 #define PSA_HASH_MAX_SIZE 20u
165 #endif
166 
171 #define PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg) \
172  (((alg == PSA_ALG_SHA_224) || (alg == PSA_ALG_SHA_256)) ? 8u : \
173  ((alg == PSA_ALG_SHA_384) || (alg == PSA_ALG_SHA_512)) ? 16u : \
174  0u)
175 
180 #define PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg) \
181  (((alg == PSA_ALG_SHA_224) || (alg == PSA_ALG_SHA_256)) ? 32u : \
182  ((alg == PSA_ALG_SHA_384) || (alg == PSA_ALG_SHA_512)) ? 64u : \
183  0u)
184 
189 #define PSA_HASH_SUSPEND_OUTPUT_SIZE(alg) \
190  (4u /* 32-bit algorithm */ + \
191  PSA_HASH_SUSPEND_INPUT_LENGTH_FIELD_LENGTH(alg) + \
192  PSA_HASH_SUSPEND_HASH_STATE_FIELD_LENGTH(alg) + \
193  (PSA_HASH_BLOCK_LENGTH(alg) - 1u) /* max unprocessed input */)
194 
199 #define PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE \
200  PSA_HASH_SUSPEND_OUTPUT_SIZE(PSA_ALG_SHA_512)
201 
209 /* All non-HMAC MACs have a maximum size that's smaller than the
210  * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
211 /* Note that the encoding of truncated MAC algorithms limits this value
212  * to 64 bytes.
213  */
214 #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
215 
237 #define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
238  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
239  PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
240  ((void) (key_bits), 0u))
241 
246 #define PSA_AEAD_TAG_MAX_SIZE 16u
247 
248 /* The maximum size of an RSA key on this implementation, in bits.
249  * This is a vendor-specific macro.
250  *
251  * Mbed TLS does not set a hard limit on the size of RSA keys: any key
252  * whose parameters fit in a bignum is accepted. However large keys can
253  * induce a large memory usage and long computation times. Unlike other
254  * auxiliary macros in this file and in crypto.h, which reflect how the
255  * library is configured, this macro defines how the library is
256  * configured. This implementation refuses to import or generate an
257  * RSA key whose size is larger than the value defined here.
258  *
259  * Note that an implementation may set different size limits for different
260  * operations, and does not need to accept all key sizes up to the limit. */
261 #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u
262 
263 /* The minimum size of an RSA key on this implementation, in bits.
264  * This is a vendor-specific macro.
265  *
266  * Limits RSA key generation to a minimum due to avoid accidental misuse.
267  * This value cannot be less than 128 bits.
268  */
269 #if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
270 #define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS MBEDTLS_RSA_GEN_KEY_MIN_BITS
271 #else
272 #define PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS 1024
273 #endif
274 
275 /* The maximum size of an DH key on this implementation, in bits.
276  *
277  * Note that an implementation may set different size limits for different
278  * operations, and does not need to accept all key sizes up to the limit. */
279 #define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
280 
281 /* The maximum size of an ECC key on this implementation, in bits.
282  * This is a vendor-specific macro. */
283 #if defined(PSA_WANT_ECC_SECP_R1_521)
284 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
285 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
286 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u
287 #elif defined(PSA_WANT_ECC_MONTGOMERY_448)
288 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
289 #elif defined(PSA_WANT_ECC_SECP_R1_384)
290 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
291 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
292 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
293 #elif defined(PSA_WANT_ECC_SECP_R1_256)
294 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
295 #elif defined(PSA_WANT_ECC_SECP_K1_256)
296 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
297 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
298 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
299 #elif defined(PSA_WANT_ECC_MONTGOMERY_255)
300 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
301 #elif defined(PSA_WANT_ECC_SECP_R1_224)
302 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
303 #elif defined(PSA_WANT_ECC_SECP_K1_224)
304 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
305 #elif defined(PSA_WANT_ECC_SECP_R1_192)
306 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
307 #elif defined(PSA_WANT_ECC_SECP_K1_192)
308 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
309 #else
310 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
311 #endif
312 
328 #define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u
329 
330 /* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
331  * which is expected to work with P-256 curve only. */
332 #define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u
333 
334 /* The size of a serialized K.X coordinate to be used in
335  * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
336  * curve. */
337 #define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u
338 
339 /* The maximum number of iterations for PBKDF2 on this implementation, in bits.
340  * This is a vendor-specific macro. This can be configured if necessary */
341 #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU
342 
344 #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u
345 
367 #define PSA_MAC_LENGTH(key_type, key_bits, alg) \
368  ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
369  PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
370  PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
371  ((void) (key_type), (void) (key_bits), 0u))
372 
399 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
400  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
401  (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
402  0u)
403 
422 #define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
423  ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
424 
425 
452 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
453  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
454  (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
455  (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
456  0u)
457 
476 #define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
477  (ciphertext_length)
478 
504 #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
505  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
506  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \
507  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \
508  0u : \
509  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
510  MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \
511  0u)
512 
524 #define PSA_AEAD_NONCE_MAX_SIZE 13u
525 
552 /* For all the AEAD modes defined in this specification, it is possible
553  * to emit output without delay. However, hardware may not always be
554  * capable of this. So for modes based on a block cipher, allow the
555  * implementation to delay the output until it has a full block. */
556 #define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
557  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
558  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
559  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
560  (input_length) : \
561  0u)
562 
573 #define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
574  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
575 
597 #define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
598  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
599  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
600  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
601  0u)
602 
608 #define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
609 
631 #define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
632  (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
633  PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
634  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
635  0u)
636 
642 #define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
643 
644 #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
645  (PSA_ALG_IS_RSA_OAEP(alg) ? \
646  2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \
647  11u /*PKCS#1v1.5*/)
648 
657 #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
658  (PSA_BITS_TO_BYTES(curve_bits) * 2u)
659 
685 #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
686  (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
687  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
688  ((void) alg, 0u))
689 
690 #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
691  PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
692 
700 #define PSA_SIGNATURE_MAX_SIZE 1
701 
702 #if (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \
703  (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE > PSA_SIGNATURE_MAX_SIZE)
704 #undef PSA_SIGNATURE_MAX_SIZE
705 #define PSA_SIGNATURE_MAX_SIZE PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE
706 #endif
707 #if (defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || defined(PSA_WANT_ALG_RSA_PSS)) && \
708  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_SIGNATURE_MAX_SIZE)
709 #undef PSA_SIGNATURE_MAX_SIZE
710 #define PSA_SIGNATURE_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS)
711 #endif
712 
738 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
739  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
740  ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
741  0u)
742 
748 /* This macro assumes that RSA is the only supported asymmetric encryption. */
749 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
750  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
751 
777 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
778  (PSA_KEY_TYPE_IS_RSA(key_type) ? \
779  PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
780  0u)
781 
789 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
790  (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
791 
792 /* Maximum size of the ASN.1 encoding of an INTEGER with the specified
793  * number of bits.
794  *
795  * This definition assumes that bits <= 2^19 - 9 so that the length field
796  * is at most 3 bytes. The length of the encoding is the length of the
797  * bit string padded to a whole number of bytes plus:
798  * - 1 type byte;
799  * - 1 to 3 length bytes;
800  * - 0 to 1 bytes of leading 0 due to the sign bit.
801  */
802 #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
803  ((bits) / 8u + 5u)
804 
805 /* Maximum size of the export encoding of an RSA public key.
806  * Assumes that the public exponent is less than 2^32.
807  *
808  * RSAPublicKey ::= SEQUENCE {
809  * modulus INTEGER, -- n
810  * publicExponent INTEGER } -- e
811  *
812  * - 4 bytes of SEQUENCE overhead;
813  * - n : INTEGER;
814  * - 7 bytes for the public exponent.
815  */
816 #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
817  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u)
818 
819 /* Maximum size of the export encoding of an RSA key pair.
820  * Assumes that the public exponent is less than 2^32 and that the size
821  * difference between the two primes is at most 1 bit.
822  *
823  * RSAPrivateKey ::= SEQUENCE {
824  * version Version, -- 0
825  * modulus INTEGER, -- N-bit
826  * publicExponent INTEGER, -- 32-bit
827  * privateExponent INTEGER, -- N-bit
828  * prime1 INTEGER, -- N/2-bit
829  * prime2 INTEGER, -- N/2-bit
830  * exponent1 INTEGER, -- N/2-bit
831  * exponent2 INTEGER, -- N/2-bit
832  * coefficient INTEGER, -- N/2-bit
833  * }
834  *
835  * - 4 bytes of SEQUENCE overhead;
836  * - 3 bytes of version;
837  * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
838  * overapproximated as 9 half-size INTEGERS;
839  * - 7 bytes for the public exponent.
840  */
841 #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
842  (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u)
843 
844 /* Maximum size of the export encoding of a DSA public key.
845  *
846  * SubjectPublicKeyInfo ::= SEQUENCE {
847  * algorithm AlgorithmIdentifier,
848  * subjectPublicKey BIT STRING } -- contains DSAPublicKey
849  * AlgorithmIdentifier ::= SEQUENCE {
850  * algorithm OBJECT IDENTIFIER,
851  * parameters Dss-Params } -- SEQUENCE of 3 INTEGERs
852  * DSAPublicKey ::= INTEGER -- public key, Y
853  *
854  * - 3 * 4 bytes of SEQUENCE overhead;
855  * - 1 + 1 + 7 bytes of algorithm (DSA OID);
856  * - 4 bytes of BIT STRING overhead;
857  * - 3 full-size INTEGERs (p, g, y);
858  * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
859  */
860 #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
861  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u)
862 
863 /* Maximum size of the export encoding of a DSA key pair.
864  *
865  * DSAPrivateKey ::= SEQUENCE {
866  * version Version, -- 0
867  * prime INTEGER, -- p
868  * subprime INTEGER, -- q
869  * generator INTEGER, -- g
870  * public INTEGER, -- y
871  * private INTEGER, -- x
872  * }
873  *
874  * - 4 bytes of SEQUENCE overhead;
875  * - 3 bytes of version;
876  * - 3 full-size INTEGERs (p, g, y);
877  * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
878  */
879 #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
880  (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u)
881 
882 /* Maximum size of the export encoding of an ECC public key.
883  *
884  * The representation of an ECC public key is:
885  * - The byte 0x04;
886  * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
887  * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
888  * - where m is the bit size associated with the curve.
889  *
890  * - 1 byte + 2 * point size.
891  */
892 #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
893  (2u * PSA_BITS_TO_BYTES(key_bits) + 1u)
894 
895 /* Maximum size of the export encoding of an ECC key pair.
896  *
897  * An ECC key pair is represented by the secret value.
898  */
899 #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
900  (PSA_BITS_TO_BYTES(key_bits))
901 
902 /* Maximum size of the export encoding of an DH key pair.
903  *
904  * An DH key pair is represented by the secret value.
905  */
906 #define PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(key_bits) \
907  (PSA_BITS_TO_BYTES(key_bits))
908 
909 /* Maximum size of the export encoding of an DH public key.
910  */
911 #define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \
912  (PSA_BITS_TO_BYTES(key_bits))
913 
953 #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
954  (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
955  PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
956  (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
957  (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
958  (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
959  (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
960  PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
961  PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
962  0u)
963 
1009 #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
1010  (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
1011  PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
1012  PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
1013  0u)
1014 
1023 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE 1
1024 
1025 #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
1026  (PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
1027  PSA_EXPORT_KEY_PAIR_MAX_SIZE)
1028 #undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
1029 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
1030  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
1031 #endif
1032 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && \
1033  (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
1034  PSA_EXPORT_KEY_PAIR_MAX_SIZE)
1035 #undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
1036 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
1037  PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
1038 #endif
1039 #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \
1040  (PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
1041  PSA_EXPORT_KEY_PAIR_MAX_SIZE)
1042 #undef PSA_EXPORT_KEY_PAIR_MAX_SIZE
1043 #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
1044  PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
1045 #endif
1046 
1056 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE 1
1057 
1058 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
1059  (PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
1060  PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1061 #undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1062 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1063  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
1064 #endif
1065 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) && \
1066  (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
1067  PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1068 #undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1069 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1070  PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
1071 #endif
1072 #if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \
1073  (PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \
1074  PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
1075 #undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
1076 #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
1077  PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
1078 #endif
1079 
1103 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
1104  ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
1105  PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u)
1106 
1114 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE 1
1115 
1116 #if defined(PSA_WANT_ALG_ECDH) && \
1117  (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
1118 #undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
1119 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)
1120 #endif
1121 #if defined(PSA_WANT_ALG_FFDH) && \
1122  (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE)
1123 #undef PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
1124 #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
1125 #endif
1126 
1151 #define PSA_CIPHER_IV_LENGTH(key_type, alg) \
1152  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
1153  ((alg) == PSA_ALG_CTR || \
1154  (alg) == PSA_ALG_CFB || \
1155  (alg) == PSA_ALG_OFB || \
1156  (alg) == PSA_ALG_XTS || \
1157  (alg) == PSA_ALG_CBC_NO_PADDING || \
1158  (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1159  (key_type) == PSA_KEY_TYPE_CHACHA20 && \
1160  (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \
1161  (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \
1162  0u)
1163 
1168 #define PSA_CIPHER_IV_MAX_SIZE 16u
1169 
1193 #define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1194  (alg == PSA_ALG_CBC_PKCS7 ? \
1195  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1196  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1197  (input_length) + 1u) + \
1198  PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \
1199  (PSA_ALG_IS_CIPHER(alg) ? \
1200  (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
1201  0u))
1202 
1214 #define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
1215  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
1216  (input_length) + 1u) + \
1217  PSA_CIPHER_IV_MAX_SIZE)
1218 
1238 #define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
1239  (PSA_ALG_IS_CIPHER(alg) && \
1240  ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
1241  (input_length) : \
1242  0u)
1243 
1254 #define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
1255  (input_length)
1256 
1275 #define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
1276  (PSA_ALG_IS_CIPHER(alg) ? \
1277  (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
1278  (((alg) == PSA_ALG_CBC_PKCS7 || \
1279  (alg) == PSA_ALG_CBC_NO_PADDING || \
1280  (alg) == PSA_ALG_ECB_NO_PADDING) ? \
1281  PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
1282  input_length) : \
1283  (input_length)) : 0u) : \
1284  0u)
1285 
1296 #define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
1297  (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
1298 
1316 #define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
1317  (PSA_ALG_IS_CIPHER(alg) ? \
1318  (alg == PSA_ALG_CBC_PKCS7 ? \
1319  PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
1320  0u) : \
1321  0u)
1322 
1328 #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
1329  (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
1330 
1331 #endif /* PSA_CRYPTO_SIZES_H */
© Copyright 1995-2026, Texas Instruments Incorporated. All rights reserved.
Trademarks | Privacy policy | Terms of use | Terms of sale