Open gilles-peskine-arm opened 3 years ago
Hello,
I have written something like the following for the macro `PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE`:
```c
/**
 * @brief Maximum size of a buffer needed to hold an exported ECC public key.
 *
 * This macro calculates the maximum size of a buffer that is necessary to hold an exported ECC public key,
 * given the size of the key in bits. The calculation is based on the formula for Weierstrass elliptic curves,
 * which is `2 * ceiling(key_bits / 8) + 1`.
 *
 * This formula accounts for the two coordinates of the point on the curve (x and y),
 * each of which is `ceil(key_bits / 8)` bytes, plus one byte for the point compression format.
 *
 * @note For Montgomery and Edwards curves, which only use one coordinate, the formula is `ceiling(key_bits / 8) + 1`.
 *
 * @param key_bits The size of the key in bits.
 *
 * @return The maximum size of a buffer needed to hold the exported key.
 */
```
The definition might be renamed to `PSA_KEY_EXPORT_ECC_WEIER_PUBLIC_KEY_MAX_SIZE`, and we can create new definitions for Montgomery and Edwards curves.
The definition and the comment about `PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE` in `include/psa/crypto_sizes.h` apply to Weierstrass curves only: 0x04, x, y. This happens to work for Montgomery and Edwards curves as well (because those only use one coordinate, which takes less room), so it's no big deal, but the documentation there is misleading and the definition is suboptimal.

The goal of this issue is to correct the comment and preferably improve the definition, and also to review other similar macros for a similar issue (something originally written for Weierstrass curves only and that should be updated for Montgomery and Edwards curves).
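
The size gap between the curve families described in this issue, as an added example (not code from Mbed TLS or from the posts above). All macro and function names are hypothetical local stand-ins; the Montgomery and Edwards lengths assume the RFC 7748 and RFC 8032 encodings with key sizes of 255 and 448 bits.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical local stand-ins, not the Mbed TLS headers. */
#define BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)

/* Bound discussed in the issue: 0x04 || x || y. */
#define WEIERSTRASS_PUBLIC_KEY_SIZE(bits) (2u * BITS_TO_BYTES(bits) + 1u)

typedef enum { FAMILY_WEIERSTRASS, FAMILY_MONTGOMERY, FAMILY_EDWARDS } ecc_family_t;

/* Exported public key length per family (assumed encodings):
 * Montgomery: the u coordinate only (RFC 7748).
 * Edwards: the y coordinate plus one sign bit for x (RFC 8032). */
size_t ecc_public_key_export_size(ecc_family_t family, size_t bits)
{
    switch (family) {
    case FAMILY_WEIERSTRASS: return WEIERSTRASS_PUBLIC_KEY_SIZE(bits);
    case FAMILY_MONTGOMERY:  return BITS_TO_BYTES(bits);
    case FAMILY_EDWARDS:     return BITS_TO_BYTES(bits + 1u);
    }
    return 0;
}

/* Bytes over-allocated when the Weierstrass bound sizes the buffer. */
size_t slack_under_weierstrass_bound(ecc_family_t family, size_t bits)
{
    return WEIERSTRASS_PUBLIC_KEY_SIZE(bits) - ecc_public_key_export_size(family, bits);
}

int main(void)
{
    /* Constructed sample table of curves and key sizes. */
    static const struct { const char *name; ecc_family_t family; size_t bits; } curves[] = {
        { "secp256r1",  FAMILY_WEIERSTRASS, 256 },
        { "secp521r1",  FAMILY_WEIERSTRASS, 521 },
        { "Curve25519", FAMILY_MONTGOMERY,  255 },
        { "Curve448",   FAMILY_MONTGOMERY,  448 },
        { "Ed25519",    FAMILY_EDWARDS,     255 },
        { "Ed448",      FAMILY_EDWARDS,     448 },
    };
    for (size_t i = 0; i < sizeof(curves) / sizeof(curves[0]); i++) {
        printf("%-10s export=%3zu bound=%3zu slack=%2zu\n", curves[i].name,
               ecc_public_key_export_size(curves[i].family, curves[i].bits),
               (size_t) WEIERSTRASS_PUBLIC_KEY_SIZE(curves[i].bits),
               slack_under_weierstrass_bound(curves[i].family, curves[i].bits));
    }
    return 0;
}
```

The Weierstrass bound is never too small for the other two families, so buffers sized with it are safe but roughly twice as large as needed.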