Merge pull request #10447 from valeriosetti/static-key-store-fix-size

[3.6] psa: improve buffer size computation for static key slots
Gilles Peskine
2025-10-20 13:42:04 +00:00
committed by GitHub
2 changed files with 29 additions and 6 deletions


@@ -0,0 +1,4 @@
Features
* The automatic computation of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE has
been improved to take into account the following key types:
asymmetric keys, ciphers, AEADs, CMAC and HMAC.


@@ -33,13 +33,32 @@ extern "C" {
#endif
/* If the size of static key slots is not explicitly defined by the user, then
* set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and
* PSA_CIPHER_MAX_KEY_LENGTH.
* See mbedtls_config.h for the definition. */
* try to guess it based on some of the most common the key types enabled in the build.
* See mbedtls_config.h for the definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. */
#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \
((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \
PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH)
#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1
#if PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
#undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE
#endif
/* This covers ciphers, AEADs and CMAC. */
#if PSA_CIPHER_MAX_KEY_LENGTH > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
#undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_CIPHER_MAX_KEY_LENGTH
#endif
/* For HMAC, it's typical but not mandatory to use a key size that is equal to
* the hash size. */
#if defined(PSA_WANT_ALG_HMAC)
#if PSA_HASH_MAX_SIZE > MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
#undef MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE PSA_HASH_MAX_SIZE
#endif
#endif /* PSA_WANT_ALG_HMAC */
#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/
/** \addtogroup attributes
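Review bot: The HMAC branch sizes the slot to `PSA_HASH_MAX_SIZE`, and its own comment concedes that longer HMAC keys are legal, yet the block comment never tells an integrator what happens to a key that exceeds the guessed size. The same applies to key types that none of the three checks cover, such as raw data or key-derivation inputs. I would add a line to the comment along the lines of `* Keys larger than this guess (e.g. long HMAC keys or raw data) do not fit in a static slot; define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE explicitly if the application uses them.` Presumably such a key is rejected at import rather than truncated, but that path is outside this hunk and is worth confirming and stating here. The new comment also has a small typo, "the most common the key types".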