From 45574797e7c66dcd99cfeb0e0be5feb291271d1a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Oct 2025 09:06:24 +0200 Subject: [PATCH] psa: crypto_extra: improve buffer size computation for static key slots Take also MAC's key types into account when computing the size of the buffer to store key material in static key slot configuration. Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index a710397a77..58322cddf4 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -33,13 +33,39 @@ extern "C" { #endif /* If the size of static key slots is not explicitly defined by the user, then - * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and - * PSA_CIPHER_MAX_KEY_LENGTH. + * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE, + * PSA_CIPHER_MAX_KEY_LENGTH and PSA_MAC_MAX_SIZE. * See mbedtls_config.h for the definition. */ #if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) -#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ - ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ - PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) + +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1 + +#if PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE +#endif + +#if PSA_CIPHER_MAX_KEY_LENGTH > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_CIPHER_MAX_KEY_LENGTH +#endif + +/* For HMAC, it's typical but not mandatory to use a key size that is equal to + * the hash size. */ +#if PSA_WANT_ALG_HMAC +#if PSA_HASH_MAX_SIZE > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_HASH_MAX_SIZE +#endif +#endif /* PSA_WANT_ALG_HMAC */ + +#if PSA_WANT_ALG_CMAC +#if PSA_CIPHER_MAX_KEY_LENGTH > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_CIPHER_MAX_KEY_LENGTH +#endif +#endif /* PSA_WANT_ALG_CMAC */ + #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ /** \addtogroup attributes