|
Platform Security Architecture — cryptography and keystore interface
beta 2 — 2019-02-22
|
PSA cryptography module: Mbed TLS buffer size macros. More...
#include "../mbedtls/config.h"

Go to the source code of this file.
Macros | |
| #define | PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8) |
| #define | PSA_BYTES_TO_BITS(bytes) ((bytes) * 8) |
| #define | PSA_HASH_SIZE(alg) |
| #define | PSA_HASH_MAX_SIZE 64 |
| #define | PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 |
| #define | PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE |
| #define | PSA_AEAD_TAG_LENGTH(alg) |
| #define | PSA_VENDOR_RSA_MAX_KEY_BITS 4096 |
| #define | PSA_VENDOR_ECC_MAX_CURVE_BITS 521 |
| #define | PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128 |
| #define | PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE |
| #define | PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16 |
| #define | PSA_MAC_FINAL_SIZE(key_type, key_bits, alg) |
| #define | PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) |
| #define | PSA_AEAD_FINISH_OUTPUT_SIZE(alg) ((size_t)0) |
| #define | PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) |
| #define | PSA_RSA_MINIMUM_PADDING_SIZE(alg) |
| #define | PSA_ECDSA_SIGNATURE_SIZE(curve_bits) (PSA_BITS_TO_BYTES(curve_bits) * 2) |
| ECDSA signature size for a given curve bit size. More... | |
| #define | PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) |
| #define | PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) |
| #define | PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) |
| #define | PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) ((bits) / 8 + 5) |
| #define | PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 36) |
| #define | PSA_KEY_EXPORT_RSA_KEYPAIR_MAX_SIZE(key_bits) (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14) |
| #define | PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59) |
| #define | PSA_KEY_EXPORT_DSA_KEYPAIR_MAX_SIZE(key_bits) (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75) |
| #define | PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) (2 * PSA_BITS_TO_BYTES(key_bits) + 36) |
| #define | PSA_KEY_EXPORT_ECC_KEYPAIR_MAX_SIZE(key_bits) (PSA_BITS_TO_BYTES(key_bits)) |
| #define | PSA_KEY_EXPORT_MAX_SIZE(key_type, key_bits) |
PSA cryptography module: Mbed TLS buffer size macros.
This file contains the definitions of macros that are useful to compute buffer sizes. The signatures and semantics of these macros are standardized, but the definitions are not, because they depend on the available algorithms and, in some cases, on permitted tolerances on buffer sizes.
In implementations with isolation between the application and the cryptography module, implementers should take care to ensure that the definitions that are exposed to applications match what the module implements.
Macros that compute sizes whose values do not depend on the implementation are in crypto.h.
| #define PSA_AEAD_DECRYPT_OUTPUT_SIZE | ( | alg, | |
| ciphertext_length | |||
| ) |
The maximum size of the output of psa_aead_decrypt(), in bytes.
If the size of the plaintext buffer is at least this large, it is guaranteed that psa_aead_decrypt() will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the plaintext may be smaller.
| alg | An AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true). |
| ciphertext_length | Size of the plaintext in bytes. |
| #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE | ( | alg, | |
| plaintext_length | |||
| ) |
The maximum size of the output of psa_aead_encrypt(), in bytes.
If the size of the ciphertext buffer is at least this large, it is guaranteed that psa_aead_encrypt() will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext may be smaller.
| alg | An AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true). |
| plaintext_length | Size of the plaintext in bytes. |
| #define PSA_AEAD_FINISH_OUTPUT_SIZE | ( | alg | ) | ((size_t)0) |
The maximum size of the output of psa_aead_finish(), in bytes.
If the size of the ciphertext buffer is at least this large, it is guaranteed that psa_aead_finish() will not fail due to an insufficient buffer size. Depending on the algorithm, the actual size of the ciphertext may be smaller.
| alg | An AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true). |
| #define PSA_AEAD_TAG_LENGTH | ( | alg | ) |
The tag size for an AEAD algorithm, in bytes.
| alg | An AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true). |
| #define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN 128 |
This macro returns the maximum length of the PSK supported by the TLS-1.2 PSK-to-MS key derivation.
Quoting RFC 4279, Sect 5.3: TLS implementations supporting these ciphersuites MUST support arbitrary PSK identities up to 128 octets in length, and arbitrary PSKs up to 64 octets in length. Supporting longer identities and keys is RECOMMENDED.
Therefore, no implementation should define a value smaller than 64 for PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN.
| #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE | ( | key_type, | |
| key_bits, | |||
| alg | |||
| ) |
Safe output buffer size for psa_asymmetric_decrypt().
This macro returns a safe buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.
| key_type | An asymmetric key type (this may indifferently be a key pair type or a public key type). |
| key_bits | The size of the key in bits. |
| alg | The signature algorithm. |
| #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE | ( | key_type, | |
| key_bits, | |||
| alg | |||
| ) |
Safe output buffer size for psa_asymmetric_encrypt().
This macro returns a safe buffer size for a ciphertext produced using a key of the specified type and size, with the specified algorithm. Note that the actual size of the ciphertext may be smaller, depending on the algorithm.
| key_type | An asymmetric key type (this may indifferently be a key pair type or a public key type). |
| key_bits | The size of the key in bits. |
| alg | The signature algorithm. |
| #define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE | ( | key_type, | |
| key_bits, | |||
| alg | |||
| ) |
Safe signature buffer size for psa_asymmetric_sign().
This macro returns a safe buffer size for a signature using a key of the specified type and size, with the specified algorithm. Note that the actual size of the signature may be smaller (some algorithms produce a variable-size signature).
| key_type | An asymmetric key type (this may indifferently be a key pair type or a public key type). |
| key_bits | The size of the key in bits. |
| alg | The signature algorithm. |
| #define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE |
Maximum size of an asymmetric signature.
This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum.
| #define PSA_ECDSA_SIGNATURE_SIZE | ( | curve_bits | ) | (PSA_BITS_TO_BYTES(curve_bits) * 2) |
ECDSA signature size for a given curve bit size.
| curve_bits | Curve size in bits. |
| #define PSA_HASH_MAX_SIZE 64 |
Maximum size of a hash.
This macro must expand to a compile-time constant integer. This value should be the maximum size of a hash supported by the implementation, in bytes, and must be no smaller than this maximum.
| #define PSA_HASH_SIZE | ( | alg | ) |
The size of the output of psa_hash_finish(), in bytes.
This is also the hash size that psa_hash_verify() expects.
| alg | A hash algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_HASH(alg) is true), or an HMAC algorithm (PSA_ALG_HMAC(hash_alg) where hash_alg is a hash algorithm). |
| #define PSA_KEY_EXPORT_MAX_SIZE | ( | key_type, | |
| key_bits | |||
| ) |
Safe output buffer size for psa_export_key() or psa_export_public_key().
This macro returns a compile-time constant if its arguments are compile-time constants.
The following code illustrates how to allocate enough memory to export a key by querying the key type and size at runtime.
For psa_export_public_key(), calculate the buffer size from the public key type. You can use the macro PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR to convert a key pair type to the corresponding public key type.
| key_type | A supported key type. |
| key_bits | The size of the key in bits. |
| #define PSA_MAC_FINAL_SIZE | ( | key_type, | |
| key_bits, | |||
| alg | |||
| ) |
The size of the output of psa_mac_sign_finish(), in bytes.
This is also the MAC size that psa_mac_verify_finish() expects.
| key_type | The type of the MAC key. |
| key_bits | The size of the MAC key in bits. |
| alg | A MAC algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_MAC(alg) is true). |
| #define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE |
Maximum size of a MAC.
This macro must expand to a compile-time constant integer. This value should be the maximum size of a MAC supported by the implementation, in bytes, and must be no smaller than this maximum.
| #define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE 16 |
The maximum size of a block cipher supported by the implementation.
| #define PSA_RSA_MINIMUM_PADDING_SIZE | ( | alg | ) |
1.8.11