From 5e39dc96e009587401397590ec16d3da001ac7dc Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 8 Jun 2018 11:41:57 +0200
Subject: [PATCH] New macro PSA_AEAD_TAG_SIZE, use it for
 PSA_AEAD_xxx_OUTPUT_SIZE

---
 include/psa/crypto.h | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 7286ef9d8..9806c959d 100755
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1073,6 +1073,25 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
  * @{
  */
 
+/** The tag size for an AEAD algorithm, in bytes.
+ *
+ * \param alg                 An AEAD algorithm
+ *                            (\c PSA_ALG_XXX value such that
+ *                            #PSA_ALG_IS_AEAD(alg) is true).
+ *
+ * \return                    The tag size for the specified algorithm.
+ *                            If the AEAD algorithm does not have an identified
+ *                            tag that can be distinguished from the rest of
+ *                            the ciphertext, return 0.
+ *                            If the AEAD algorithm is not recognized, return 0.
+ *                            An implementation may return either 0 or a
+ *                            correct size for an AEAD algorithm that it
+ *                            recognizes, but does not support.
+ */
+#define PSA_AEAD_TAG_SIZE(alg)             \
+    ((alg) == PSA_ALG_GCM ? 16 :           \
+     (alg) == PSA_ALG_CCM ? 16 :           \
+     0)
 
 /** The maximum size of the output of psa_aead_encrypt(), in bytes.
  *
@@ -1094,8 +1113,8 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
  *                            recognizes, but does not support.
  */
 #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length)     \
-    ((alg) == PSA_ALG_GCM ? (plaintext_length) + 16 :           \
-     (alg) == PSA_ALG_CCM ? (plaintext_length) + 16 :           \
+    (PSA_AEAD_TAG_SIZE(alg) != 0 ?                              \
+     (plaintext_length) + PSA_AEAD_TAG_SIZE(alg) :              \
      0)
 
 /** Process an authenticated encryption operation.
@@ -1170,9 +1189,9 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
  *                            correct size for an AEAD algorithm that it
  *                            recognizes, but does not support.
  */
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length)     \
-    ((alg) == PSA_ALG_GCM ? (ciphertext_length) - 16 :           \
-     (alg) == PSA_ALG_CCM ? (ciphertext_length) - 16 :           \
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length)    \
+    (PSA_AEAD_TAG_SIZE(alg) != 0 ?                              \
+     (plaintext_length) - PSA_AEAD_TAG_SIZE(alg) :              \
      0)
 
 /** Process an authenticated decryption operation.