Mbed OS Reference
Loading...
Searching...
No Matches
Macros
crypto_sizes.h File Reference

PSA cryptography module: Mbed TLS buffer size macros. More...

#include "mbedtls/config.h"

Go to the source code of this file.

Macros

#define PSA_HASH_SIZE(alg)
 The size of the output of psa_hash_finish(), in bytes. More...
 
#define PSA_HASH_MAX_SIZE   32
 Maximum size of a hash. More...
 
#define PSA_MAC_MAX_SIZE   PSA_HASH_MAX_SIZE
 Maximum size of a MAC. More...
 
#define PSA_AEAD_TAG_LENGTH(alg)
 The tag size for an AEAD algorithm, in bytes. More...
 
#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN   128
 This macro returns the maximum length of the PSK supported by the TLS-1.2 PSK-to-MS key derivation. More...
 
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE   16
 The maximum size of a block cipher supported by the implementation. More...
 
#define PSA_MAC_FINAL_SIZE(key_type, key_bits, alg)
 The size of the output of psa_mac_sign_finish(), in bytes. More...
 
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length)
 The maximum size of the output of psa_aead_encrypt(), in bytes. More...
 
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length)
 The maximum size of the output of psa_aead_decrypt(), in bytes. More...
 
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length)
 A sufficient output buffer size for psa_aead_update(). More...
 
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg)
 A sufficient ciphertext buffer size for psa_aead_finish(). More...
 
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg)
 A sufficient plaintext buffer size for psa_aead_verify(). More...
 
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)    (PSA_BITS_TO_BYTES(curve_bits) * 2)
 ECDSA signature size for a given curve bit size. More...
 
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)
 Sufficient signature buffer size for psa_sign_hash(). More...
 
#define PSA_SIGNATURE_MAX_SIZE
 Maximum size of an asymmetric signature. More...
 
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
 Sufficient output buffer size for psa_asymmetric_encrypt(). More...
 
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
 Sufficient output buffer size for psa_asymmetric_decrypt(). More...
 
#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits)
 Sufficient output buffer size for psa_export_key() or psa_export_public_key(). More...
 
#define PSA_AEAD_NONCE_LENGTH(key_type, alg)
 The default nonce size for an AEAD algorithm, in bytes. More...
 
#define PSA_AEAD_NONCE_MAX_SIZE   12
 The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes. More...
 
#define PSA_CIPHER_IV_LENGTH(key_type, alg)
 The default IV size for a cipher algorithm, in bytes. More...
 
#define PSA_CIPHER_IV_MAX_SIZE   16
 The maximum IV size for all supported cipher algorithms, in bytes. More...
 

Detailed Description

PSA cryptography module: Mbed TLS buffer size macros.

Note
This file may not be included directly. Applications must include psa/crypto.h.

This file contains the definitions of macros that are useful to compute buffer sizes. The signatures and semantics of these macros are standardized, but the definitions are not, because they depend on the available algorithms and, in some cases, on permitted tolerances on buffer sizes.

In implementations with isolation between the application and the cryptography module, implementers should take care to ensure that the definitions that are exposed to applications match what the module implements.

Macros that compute sizes whose values do not depend on the implementation are in crypto.h.

Definition in file crypto_sizes.h.

Macro Definition Documentation

◆ PSA_HASH_SIZE

#define PSA_HASH_SIZE (   alg)
Value:
( \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
0)
PSA_ALG_SHA3_224
#define PSA_ALG_SHA3_224
SHA3-224.
Definition: crypto_values.h:745
PSA_ALG_SHA_224
#define PSA_ALG_SHA_224
SHA2-224.
Definition: crypto_values.h:733
PSA_ALG_SHA3_512
#define PSA_ALG_SHA3_512
SHA3-512.
Definition: crypto_values.h:751
PSA_ALG_SHA_1
#define PSA_ALG_SHA_1
SHA1.
Definition: crypto_values.h:731
PSA_ALG_SHA_512_224
#define PSA_ALG_SHA_512_224
SHA2-512/224.
Definition: crypto_values.h:741
PSA_ALG_SHA_384
#define PSA_ALG_SHA_384
SHA2-384.
Definition: crypto_values.h:737
PSA_ALG_SHA_512_256
#define PSA_ALG_SHA_512_256
SHA2-512/256.
Definition: crypto_values.h:743
PSA_ALG_SHA_256
#define PSA_ALG_SHA_256
SHA2-256.
Definition: crypto_values.h:735
PSA_ALG_RIPEMD160
#define PSA_ALG_RIPEMD160
PSA_ALG_RIPEMD160.
Definition: crypto_values.h:729
PSA_ALG_MD4
#define PSA_ALG_MD4
MD4.
Definition: crypto_values.h:725
PSA_ALG_SHA3_256
#define PSA_ALG_SHA3_256
SHA3-256.
Definition: crypto_values.h:747
PSA_ALG_MD2
#define PSA_ALG_MD2
MD2.
Definition: crypto_values.h:723
PSA_ALG_SHA3_384
#define PSA_ALG_SHA3_384
SHA3-384.
Definition: crypto_values.h:749
PSA_ALG_MD5
#define PSA_ALG_MD5
MD5.
Definition: crypto_values.h:727
PSA_ALG_SHA_512
#define PSA_ALG_SHA_512
SHA2-512.
Definition: crypto_values.h:739

The size of the output of psa_hash_finish(), in bytes.

This is also the hash size that psa_hash_verify() expects.

Parameters
algA hash algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_HASH(alg) is true), or an HMAC algorithm (PSA_ALG_HMAC(hash_alg) where hash_alg is a hash algorithm).
Returns
The hash size for the specified hash algorithm. If the hash algorithm is not recognized, return 0. An implementation may return either 0 or the correct size for a hash algorithm that it recognizes, but does not support.

Definition at line 71 of file crypto_sizes.h.

◆ PSA_HASH_MAX_SIZE

#define PSA_HASH_MAX_SIZE   32

Maximum size of a hash.

This macro must expand to a compile-time constant integer. This value should be the maximum size of a hash supported by the implementation, in bytes, and must be no smaller than this maximum.

Definition at line 105 of file crypto_sizes.h.

◆ PSA_MAC_MAX_SIZE

#define PSA_MAC_MAX_SIZE   PSA_HASH_MAX_SIZE

Maximum size of a MAC.

This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum.

Definition at line 122 of file crypto_sizes.h.

◆ PSA_AEAD_TAG_LENGTH

#define PSA_AEAD_TAG_LENGTH (   alg)
Value:
(PSA_ALG_IS_AEAD(alg) ? \
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
0)
PSA_ALG_IS_AEAD
#define PSA_ALG_IS_AEAD(alg)
Whether the specified algorithm is an authenticated encryption with associated data (AEAD) algorithm.
Definition: crypto_values.h:672

The tag size for an AEAD algorithm, in bytes.

Parameters
algAn AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true).
Returns
The tag size for the specified algorithm. If the AEAD algorithm does not have an identified tag that can be distinguished from the rest of the ciphertext, return 0. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.

Definition at line 139 of file crypto_sizes.h.

◆ PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN

#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN   128

This macro returns the maximum length of the PSK supported by the TLS-1.2 PSK-to-MS key derivation.

Quoting RFC 4279, Sect 5.3: TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.

Therefore, no implementation should define a value smaller than 64 for PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN.

Definition at line 205 of file crypto_sizes.h.

◆ PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE

#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE   16

The maximum size of a block cipher supported by the implementation.

Definition at line 208 of file crypto_sizes.h.

◆ PSA_MAC_FINAL_SIZE

#define PSA_MAC_FINAL_SIZE (   key_type,
  key_bits,
  alg 
)
Value:
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_SIZE(PSA_ALG_HMAC_GET_HASH(alg)) : \
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
((void)(key_type), (void)(key_bits), 0))
PSA_HASH_SIZE
#define PSA_HASH_SIZE(alg)
The size of the output of psa_hash_finish(), in bytes.
Definition: crypto_sizes.h:71
PSA_MAC_TRUNCATED_LENGTH
#define PSA_MAC_TRUNCATED_LENGTH(mac_alg)
Length to which a MAC algorithm is truncated.
Definition: crypto_values.h:894
PSA_BLOCK_CIPHER_BLOCK_SIZE
#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type)
The block size of a block cipher.
Definition: crypto_values.h:599
PSA_ALG_IS_BLOCK_CIPHER_MAC
#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg)
Whether the specified algorithm is a MAC algorithm based on a block cipher.
Definition: crypto_values.h:915

The size of the output of psa_mac_sign_finish(), in bytes.

This is also the MAC size that psa_mac_verify_finish() expects.

Parameters
key_typeThe type of the MAC key.
key_bitsThe size of the MAC key in bits.
algA MAC algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_MAC(alg) is true).
Returns
The MAC size for the specified algorithm with the specified key parameters.
0 if the MAC algorithm is not recognized.
Either 0 or the correct size for a MAC algorithm that the implementation recognizes, but does not support.
Unspecified if the key parameters are not consistent with the algorithm.

Definition at line 227 of file crypto_sizes.h.

◆ PSA_AEAD_ENCRYPT_OUTPUT_SIZE

#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE (   alg,
  plaintext_length 
)
Value:
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
0)
PSA_AEAD_TAG_LENGTH
#define PSA_AEAD_TAG_LENGTH(alg)
The tag size for an AEAD algorithm, in bytes.
Definition: crypto_sizes.h:139

The maximum size of the output of psa_aead_encrypt(), in bytes.

If the size of the ciphertext buffer is at least this large, it is guaranteed that psa_aead_encrypt() will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext may be smaller.

Parameters
algAn AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true).
plaintext_lengthSize of the plaintext in bytes.
Returns
The AEAD ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.

Definition at line 252 of file crypto_sizes.h.

◆ PSA_AEAD_DECRYPT_OUTPUT_SIZE

#define PSA_AEAD_DECRYPT_OUTPUT_SIZE (   alg,
  ciphertext_length 
)
Value:
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
0)

The maximum size of the output of psa_aead_decrypt(), in bytes.

If the size of the plaintext buffer is at least this large, it is guaranteed that psa_aead_decrypt() will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext may be smaller.

Parameters
algAn AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true).
ciphertext_lengthSize of the plaintext in bytes.
Returns
The AEAD ciphertext size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.

Definition at line 276 of file crypto_sizes.h.

◆ PSA_AEAD_UPDATE_OUTPUT_SIZE

#define PSA_AEAD_UPDATE_OUTPUT_SIZE (   alg,
  input_length 
)
Value:
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_ROUND_UP_TO_MULTIPLE(PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE, (input_length)) : \
(input_length))
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE
#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE
The maximum size of a block cipher supported by the implementation.
Definition: crypto_sizes.h:208
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER
#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg)
Whether the specified algorithm is an AEAD mode on a block cipher.
Definition: crypto_values.h:1023

A sufficient output buffer size for psa_aead_update().

If the size of the output buffer is at least this large, it is guaranteed that psa_aead_update() will not fail due to an insufficient buffer size. The actual size of the output may be smaller in any given call.

Parameters
algAn AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true).
input_lengthSize of the input in bytes.
Returns
A sufficient output buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.

Definition at line 304 of file crypto_sizes.h.

◆ PSA_AEAD_FINISH_OUTPUT_SIZE

#define PSA_AEAD_FINISH_OUTPUT_SIZE (   alg)
Value:
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
0)

A sufficient ciphertext buffer size for psa_aead_finish().

If the size of the ciphertext buffer is at least this large, it is guaranteed that psa_aead_finish() will not fail due to an insufficient ciphertext buffer size. The actual size of the output may be smaller in any given call.

Parameters
algAn AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true).
Returns
A sufficient ciphertext buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.

Definition at line 327 of file crypto_sizes.h.

◆ PSA_AEAD_VERIFY_OUTPUT_SIZE

#define PSA_AEAD_VERIFY_OUTPUT_SIZE (   alg)
Value:
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE : \
0)

A sufficient plaintext buffer size for psa_aead_verify().

If the size of the plaintext buffer is at least this large, it is guaranteed that psa_aead_verify() will not fail due to an insufficient plaintext buffer size. The actual size of the output may be smaller in any given call.

Parameters
algAn AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true).
Returns
A sufficient plaintext buffer size for the specified algorithm. If the AEAD algorithm is not recognized, return 0. An implementation may return either 0 or a correct size for an AEAD algorithm that it recognizes, but does not support.

Definition at line 350 of file crypto_sizes.h.

◆ PSA_ECDSA_SIGNATURE_SIZE

#define PSA_ECDSA_SIGNATURE_SIZE (   curve_bits)     (PSA_BITS_TO_BYTES(curve_bits) * 2)

ECDSA signature size for a given curve bit size.

Parameters
curve_bitsCurve size in bits.
Returns
Signature size in bytes.
Note
This macro returns a compile-time constant if its argument is one.

Definition at line 368 of file crypto_sizes.h.

◆ PSA_SIGN_OUTPUT_SIZE

#define PSA_SIGN_OUTPUT_SIZE (   key_type,
  key_bits,
  alg 
)
Value:
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
((void)alg, 0))
PSA_ECDSA_SIGNATURE_SIZE
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)
ECDSA signature size for a given curve bit size.
Definition: crypto_sizes.h:368
PSA_KEY_TYPE_IS_RSA
#define PSA_KEY_TYPE_IS_RSA(type)
Whether a key type is an RSA key (pair or public-only).
Definition: crypto_values.h:421
PSA_KEY_TYPE_IS_ECC
#define PSA_KEY_TYPE_IS_ECC(type)
Whether a key type is an elliptic curve key (pair or public-only).
Definition: crypto_values.h:443

Sufficient signature buffer size for psa_sign_hash().

This macro returns a sufficient buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature may be smaller (some algorithms produce a variable-size signature).

Warning
This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.
Parameters
key_typeAn asymmetric key type (this may indifferently be a key pair type or a public key type).
key_bitsThe size of the key in bits.
algThe signature algorithm.
Returns
If the parameters are valid and supported, return a buffer size in bytes that guarantees that psa_sign_hash() will not fail with PSA_ERROR_BUFFER_TOO_SMALL. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.

Definition at line 397 of file crypto_sizes.h.

◆ PSA_SIGNATURE_MAX_SIZE

#define PSA_SIGNATURE_MAX_SIZE
Value:
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)

Maximum size of an asymmetric signature.

This macro must expand to a compile-time constant integer. This value should be the maximum size of a signature supported by the implementation, in bytes, and must be no smaller than this maximum.

Definition at line 413 of file crypto_sizes.h.

◆ PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE

#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE (   key_type,
  key_bits,
  alg 
)
Value:
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
0)

Sufficient output buffer size for psa_asymmetric_encrypt().

This macro returns a sufficient buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.

Warning
This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.
Parameters
key_typeAn asymmetric key type (this may indifferently be a key pair type or a public key type).
key_bitsThe size of the key in bits.
algThe asymmetric encryption algorithm.
Returns
If the parameters are valid and supported, return a buffer size in bytes that guarantees that psa_asymmetric_encrypt() will not fail with PSA_ERROR_BUFFER_TOO_SMALL. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.

Definition at line 444 of file crypto_sizes.h.

◆ PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE

#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE (   key_type,
  key_bits,
  alg 
)
Value:
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
0)

Sufficient output buffer size for psa_asymmetric_decrypt().

This macro returns a sufficient buffer size for a plaintext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the plaintext may be smaller, depending on the algorithm.

Warning
This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.
Parameters
key_typeAn asymmetric key type (this may indifferently be a key pair type or a public key type).
key_bitsThe size of the key in bits.
algThe asymmetric encryption algorithm.
Returns
If the parameters are valid and supported, return a buffer size in bytes that guarantees that psa_asymmetric_decrypt() will not fail with PSA_ERROR_BUFFER_TOO_SMALL. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.

Definition at line 475 of file crypto_sizes.h.

◆ PSA_KEY_EXPORT_MAX_SIZE

#define PSA_KEY_EXPORT_MAX_SIZE (   key_type,
  key_bits 
)
Value:
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
0)
PSA_KEY_TYPE_RSA_KEY_PAIR
#define PSA_KEY_TYPE_RSA_KEY_PAIR
RSA key pair (private and public key).
Definition: crypto_values.h:419
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY
#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)
Whether a key type is an elliptic curve public key.
Definition: crypto_values.h:451
PSA_KEY_TYPE_DSA_PUBLIC_KEY
#define PSA_KEY_TYPE_DSA_PUBLIC_KEY
DSA public key.
Definition: crypto_extra.h:333
PSA_KEY_TYPE_DSA_KEY_PAIR
#define PSA_KEY_TYPE_DSA_KEY_PAIR
DSA key pair (private and public key).
Definition: crypto_extra.h:351
PSA_KEY_TYPE_RSA_PUBLIC_KEY
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY
RSA public key.
Definition: crypto_values.h:417
PSA_KEY_TYPE_IS_ECC_KEY_PAIR
#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)
Whether a key type is an elliptic curve key pair.
Definition: crypto_values.h:447
PSA_KEY_TYPE_IS_UNSTRUCTURED
#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type)
Whether a key type is an unstructured array of bytes.
Definition: crypto_values.h:315

Sufficient output buffer size for psa_export_key() or psa_export_public_key().

This macro returns a compile-time constant if its arguments are compile-time constants.

Warning
This function may call its arguments multiple times or zero times, so you should not pass arguments that contain side effects.

The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.

psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
status = psa_get_key_attributes(key, &attributes);
if (status != PSA_SUCCESS) handle_error(...);
psa_key_type_t key_type = psa_get_key_type(&attributes);
size_t key_bits = psa_get_key_bits(&attributes);
size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits);
psa_reset_key_attributes(&attributes);
uint8_t *buffer = malloc(buffer_size);
if (buffer == NULL) handle_error(...);
size_t buffer_length;
status = psa_export_key(key, buffer, buffer_size, &buffer_length);
if (status != PSA_SUCCESS) handle_error(...);
PSA_KEY_EXPORT_MAX_SIZE
#define PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits)
Sufficient output buffer size for psa_export_key() or psa_export_public_key().
Definition: crypto_sizes.h:650
psa_reset_key_attributes
void psa_reset_key_attributes(psa_key_attributes_t *attributes)
Reset a key attribute structure to a freshly initialized state.
PSA_KEY_ATTRIBUTES_INIT
#define PSA_KEY_ATTRIBUTES_INIT
This macro returns a suitable initializer for a key attribute structure of type psa_key_attributes_t.
Definition: crypto_struct.h:365
psa_get_key_attributes
psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes)
Retrieve the attributes of a key.
psa_key_type_t
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:66
psa_status_t
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:55
PSA_SUCCESS
#define PSA_SUCCESS
The action was completed successfully.
Definition: crypto_values.h:45
psa_export_key
psa_status_t psa_export_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a key in binary format.
psa_key_attributes_s
Definition: crypto_struct.h:353

For psa_export_public_key(), calculate the buffer size from the public key type. You can use the macro PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR to convert a key pair type to the corresponding public key type.

psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
status = psa_get_key_attributes(key, &attributes);
if (status != PSA_SUCCESS) handle_error(...);
psa_key_type_t key_type = psa_get_key_type(&attributes);
psa_key_type_t public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type);
size_t key_bits = psa_get_key_bits(&attributes);
size_t buffer_size = PSA_KEY_EXPORT_MAX_SIZE(public_key_type, key_bits);
psa_reset_key_attributes(&attributes);
uint8_t *buffer = malloc(buffer_size);
if (buffer == NULL) handle_error(...);
size_t buffer_length;
status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
if (status != PSA_SUCCESS) handle_error(...);
PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR
#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type)
The public key type corresponding to a key pair type.
Definition: crypto_values.h:353
psa_export_public_key
psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a public key or the public part of a key pair in binary format.
Parameters
key_typeA supported key type.
key_bitsThe size of the key in bits.
Returns
If the parameters are valid and supported, return a buffer size in bytes that guarantees that psa_sign_hash() will not fail with PSA_ERROR_BUFFER_TOO_SMALL. If the parameters are a valid combination that is not supported by the implementation, this macro shall return either a sensible size or 0. If the parameters are not valid, the return value is unspecified.

Definition at line 650 of file crypto_sizes.h.

◆ PSA_AEAD_NONCE_LENGTH

#define PSA_AEAD_NONCE_LENGTH (   key_type,
  alg 
)
Value:
(PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) == 16 && \
(PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CCM || \
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_GCM) ? 12 : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
0)
PSA_ALG_GCM
#define PSA_ALG_GCM
The GCM authenticated encryption algorithm.
Definition: crypto_values.h:1037
PSA_ALG_CHACHA20_POLY1305
#define PSA_ALG_CHACHA20_POLY1305
The Chacha20-Poly1305 AEAD algorithm.
Definition: crypto_values.h:1048
PSA_KEY_TYPE_CHACHA20
#define PSA_KEY_TYPE_CHACHA20
Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
Definition: crypto_values.h:414
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH
#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(aead_alg)
Calculate the corresponding AEAD algorithm with the default tag length.
Definition: crypto_values.h:1088
PSA_ALG_CCM
#define PSA_ALG_CCM
The CCM authenticated encryption algorithm.
Definition: crypto_values.h:1031

The default nonce size for an AEAD algorithm, in bytes.

This macro can be used to allocate a buffer of sufficient size to store the nonce output from psa_aead_generate_nonce().

See also PSA_AEAD_NONCE_MAX_SIZE.

Note
This is not the maximum size of nonce supported as input to psa_aead_set_nonce(), psa_aead_encrypt() or psa_aead_decrypt(), just the default size that is generated by psa_aead_generate_nonce().
Warning
This macro may evaluate its arguments multiple times or zero times, so you should not pass arguments that contain side effects.
Parameters
key_typeA symmetric key type that is compatible with algorithm alg.
algAn AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true).
Returns
The default nonce size for the specified key type and algorithm. If the key type or AEAD algorithm is not recognized, or the parameters are incompatible, return 0. An implementation can return either 0 or a correct size for a key type and AEAD algorithm that it recognizes, but does not support.

Definition at line 685 of file crypto_sizes.h.

◆ PSA_AEAD_NONCE_MAX_SIZE

#define PSA_AEAD_NONCE_MAX_SIZE   12

The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes.

This is equal to or greater than any value that PSA_AEAD_NONCE_LENGTH() may return.

Note
This is not the maximum size of nonce supported as input to psa_aead_set_nonce(), psa_aead_encrypt() or psa_aead_decrypt(), just the largest size that may be generated by psa_aead_generate_nonce().

Definition at line 701 of file crypto_sizes.h.

◆ PSA_CIPHER_IV_LENGTH

#define PSA_CIPHER_IV_LENGTH (   key_type,
  alg 
)
Value:
(PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) > 1 && \
((alg) == PSA_ALG_CTR || \
(alg) == PSA_ALG_CFB || \
(alg) == PSA_ALG_OFB || \
(alg) == PSA_ALG_XTS || \
(alg) == PSA_ALG_CBC_NO_PADDING || \
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
(alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
0)
PSA_ALG_CFB
#define PSA_ALG_CFB
The CFB stream cipher mode.
Definition: crypto_values.h:959
PSA_ALG_XTS
#define PSA_ALG_XTS
The XTS cipher mode.
Definition: crypto_values.h:973
PSA_ALG_CBC_NO_PADDING
#define PSA_ALG_CBC_NO_PADDING
The CBC block cipher chaining mode, with no padding.
Definition: crypto_values.h:1002
PSA_ALG_CTR
#define PSA_ALG_CTR
The CTR stream cipher mode.
Definition: crypto_values.h:953
PSA_ALG_STREAM_CIPHER
#define PSA_ALG_STREAM_CIPHER
The stream cipher mode of a stream cipher algorithm.
Definition: crypto_values.h:944
PSA_ALG_OFB
#define PSA_ALG_OFB
The OFB stream cipher mode.
Definition: crypto_values.h:965
PSA_ALG_CBC_PKCS7
#define PSA_ALG_CBC_PKCS7
The CBC block cipher chaining mode with PKCS#7 padding.
Definition: crypto_values.h:1010

The default IV size for a cipher algorithm, in bytes.

The IV that is generated as part of a call to psa_cipher_encrypt() is always the default IV length for the algorithm.

This macro can be used to allocate a buffer of sufficient size to store the IV output from psa_cipher_generate_iv() when using a multi-part cipher operation.

See also PSA_CIPHER_IV_MAX_SIZE.

Warning
This macro may evaluate its arguments multiple times or zero times, so you should not pass arguments that contain side effects.
Parameters
key_typeA symmetric key type that is compatible with algorithm alg.
algA cipher algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_CIPHER(alg) is true).
Returns
The default IV size for the specified key type and algorithm. If the algorithm does not use an IV, return 0. If the key type or cipher algorithm is not recognized, or the parameters are incompatible, return 0. An implementation can return either 0 or a correct size for a key type and cipher algorithm that it recognizes, but does not support.

Definition at line 729 of file crypto_sizes.h.

◆ PSA_CIPHER_IV_MAX_SIZE

#define PSA_CIPHER_IV_MAX_SIZE   16

The maximum IV size for all supported cipher algorithms, in bytes.

See also PSA_CIPHER_IV_LENGTH().

Definition at line 745 of file crypto_sizes.h.