Merge pull request #3787 from bensze01/iv_nonce_size

PSA: Add support macros for IV/nonce sizes
This commit is contained in:
Gilles Peskine 2020-10-30 09:45:11 +01:00 committed by GitHub
commit 52f32c913e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -657,4 +657,91 @@
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
0) 0)
/** The default nonce size for an AEAD algorithm, in bytes.
*
* This macro can be used to allocate a buffer of sufficient size to
* store the nonce output from #psa_aead_generate_nonce().
*
* See also #PSA_AEAD_NONCE_MAX_SIZE.
*
* \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
* #psa_aead_encrypt() or #psa_aead_decrypt(), just the default size that is generated by
* #psa_aead_generate_nonce().
*
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
* \param key_type A symmetric key type that is compatible with algorithm \p alg.
*
* \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_AEAD(\p alg) is true).
*
* \return The default nonce size for the specified key type and algorithm.
* If the key type or AEAD algorithm is not recognized,
* or the parameters are incompatible, return 0.
* An implementation can return either 0 or a correct size for a key type
* and AEAD algorithm that it recognizes, but does not support.
*/
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) == 16 && \
(PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CCM || \
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_GCM) ? 12 : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
0)
/** The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes.
*
* This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return.
*
* \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
* #psa_aead_encrypt() or #psa_aead_decrypt(), just the largest size that may be generated by
* #psa_aead_generate_nonce().
*/
#define PSA_AEAD_NONCE_MAX_SIZE 12
/** The default IV size for a cipher algorithm, in bytes.
*
* The IV that is generated as part of a call to #psa_cipher_encrypt() is always
* the default IV length for the algorithm.
*
* This macro can be used to allocate a buffer of sufficient size to
* store the IV output from #psa_cipher_generate_iv() when using
* a multi-part cipher operation.
*
* See also #PSA_CIPHER_IV_MAX_SIZE.
*
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
* \param key_type A symmetric key type that is compatible with algorithm \p alg.
*
* \param alg A cipher algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_CIPHER(\p alg) is true).
*
* \return The default IV size for the specified key type and algorithm.
* If the algorithm does not use an IV, return 0.
* If the key type or cipher algorithm is not recognized,
* or the parameters are incompatible, return 0.
* An implementation can return either 0 or a correct size for a key type
* and cipher algorithm that it recognizes, but does not support.
*/
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) > 1 && \
((alg) == PSA_ALG_CTR || \
(alg) == PSA_ALG_CFB || \
(alg) == PSA_ALG_OFB || \
(alg) == PSA_ALG_XTS || \
(alg) == PSA_ALG_CBC_NO_PADDING || \
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
(alg) == PSA_ALG_CHACHA20 ? 12 : \
0)
/** The maximum IV size for all supported cipher algorithms, in bytes.
*
* See also #PSA_CIPHER_IV_LENGTH().
*/
#define PSA_CIPHER_IV_MAX_SIZE 16
#endif /* PSA_CRYPTO_SIZES_H */ #endif /* PSA_CRYPTO_SIZES_H */