From 27a2688fbbe2bff37030bcbd5e9b18d5951e6d6f Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 7 Aug 2020 11:30:05 +0100
Subject: [PATCH] Introduce public macro for maximum symmetric cipher key length
This commit introduces the public macro MBEDTLS_MAX_KEY_LENGTH, which evaluates to an upper bound for the key lengths of all enabled ciphers, in Bytes. This is analogous to the already existing macros MBEDTLS_MAX_IV_LENGTH and MBEDTLS_MAX_BLOCK_LENGTH, which provide upper bounds for the IV and block length, respectively. For now, MBEDTLS_MAX_KEY_LENGTH is 32 Bytes by default, and 64 in case XTS is enabled. This is a strict overapproximation for some restricted configurations. Ideally, the upper bound should be calculated exactly and automatically from the list of enabled ciphers. The same applies to the existing macros MBEDTLS_MAX_IV_LENGTH and MBEDTLS_MAX_BLOCK_LENGTH, though, and is left for future work.
Signed-off-by: Hanno Becker
---
 include/mbedtls/cipher.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 014786ad51..8a6c8ebdbc 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -227,10 +227,23 @@ enum {
 };
 
 /** Maximum length of any IV, in Bytes. */
+/* This should ideally be derived automatically from list of ciphers. */
 #define MBEDTLS_MAX_IV_LENGTH 16
+
 /** Maximum block size of any cipher, in Bytes. */
+/* This should ideally be derived automatically from list of ciphers. */
 #define MBEDTLS_MAX_BLOCK_LENGTH 16
 
+/** Maximum key length, in Bytes. */
+/* This should ideally be derived automatically from list of ciphers.
+ * For now, only check whether XTS is enabled which uses 64 Byte keys,
+ * and use 32 Bytes as an upper bound for the maximum key length otherwise. */
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+#define MBEDTLS_MAX_KEY_LENGTH 64
+#else
+#define MBEDTLS_MAX_KEY_LENGTH 32
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
 /**
  * Base cipher information (opaque struct).
  */
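Review bot: The public Doxygen comment on the new macro, `/** Maximum key length, in Bytes. */`, does not tell callers what the value is a bound over or that it is not tight, while the commit message makes both points; since this macro is the kind of thing used to size fixed key buffers (`unsigned char key[MBEDTLS_MAX_KEY_LENGTH]`), a reader of the header alone should see the maintenance obligation that comes with it. I would phrase it in the same form as the neighbouring IV and block comments and fold the implementation note into it: `/** Maximum key length of any cipher, in Bytes. This is an upper bound over all enabled ciphers (64 when XTS is enabled, 32 otherwise) and is not necessarily tight; it must be raised if a cipher with a longer key is added to the cipher list. */`. The separate `/* This should ideally be derived automatically ... */` lines can then stay as a shared TODO or be merged, as the three macros now carry the same note three times.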