From a64e3a02b880cfcf9f5cce7dfacea769ba794ace Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Wed, 14 Jun 2023 12:07:09 +0200
Subject: [PATCH] Add few remarks regarding chunk size limits

Mention the possibility of backend imposing limits on the size of processed data in all places where it may happen.

Change-Id: Id828f15b8692859a1efad015dcb3692c9c29432e
---
 src/include/ckmc/ckmc-manager.h | 20 ++++++++++++--------
 src/include/ckmc/ckmc-type.h | 8 ++++++--
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h
index 6386f23..3c04778 100644
--- a/src/include/ckmc/ckmc-manager.h
+++ b/src/include/ckmc/ckmc-manager.h
@@ -1002,11 +1002,10 @@ int ckmc_remove_alias(const char *alias);
 * @param[in] key_alias Alias of the key to be used for encryption
 * @param[in] password The password used in decrypting a key value. If password of the policy is
 * provided in ckmc_save_key(), the same password should be provided
- * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no restrictions on
- * the size of data, if S/W backend is used. If module uses TEE backend (since
- * Tizen 5.0 on chosen images), maximum size of data is implementation-specific
- * and at least 500 kB. For RSA the size must be smaller or equal to key size
- * in bytes - 42.
+ * @param[in] decrypted Data to be encrypted. In case of AES algorithm the backend may impose limit
+ * on the maximum size of processed data
+ * (@see ckmc_backend_get_max_chunk_size()). For RSA the size must be smaller
+ * or equal to key size in bytes - 42.
 * Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86.
 * @param[out] ppencrypted Encrypted data. In #CKMC_ALGO_AES_GCM mode it includes the GCM tag
 * appended at the end.
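Review bot: The inline `@see` added inside the `decrypted` parameter text is a Doxygen section command, so it likely ends the `@param` description and pushes the RSA sentence and the example after it under "See also". Doxygen already auto-links a function name followed by `()`, so `(see ckmc_backend_get_max_chunk_size())` keeps the text with the parameter. The same construct is added in the decryption hunk, in both `@remarks` hunks and in the two ckmc-type.h additions. The rewrite also drops the earlier "at least 500 kB" floor for the TEE backend; if that minimum still holds it is worth keeping, so callers have a size they can rely on. The doc comment starts and ends outside the hunk.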
@@ -1063,9 +1062,10 @@ int ckmc_encrypt_data(ckmc_param_list_h params,
 * @param[in] password The password used in decrypting a key value. If password of the policy is
 * provided in ckmc_save_key(), the same password should be provided
 * @param[in] encrypted Data to be decrypted. #CKMC_ALGO_AES_GCM mode requires GCM tag to be
- * appended at the end. Since Tizen 5.0, on chosen images where module is using
- * TEE backend, data size is limited to at least 500 kB (TEE
- * implementation-specific).
+ * appended at the end. In case of AES algorithm the backend may impose limit
+ * on the maximum size of processed data
+ * (@see ckmc_backend_get_max_chunk_size()). For RSA the size must be smaller
+ * or equal to key size in bytes - 42.
 * @param[out] ppdecrypted Decrypted data
 *
 * @return @c 0 on success, otherwise a negative error value
@@ -1115,6 +1115,8 @@ int ckmc_decrypt_data(ckmc_param_list_h params,
 * @remarks If password in @a policy is provided, the stored key is additionally encrypted with it.
 * @remarks If extractable in @a policy is set to false, the stored key may still be exported in a
 * wrapped form.
+ * @remarks Note that the backend may impose limit on the maximum size of @a wrapped_key
+ * (@see ckmc_backend_get_max_chunk_size()).
 *
 * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
 * for details. Supported algorithms:
@@ -1321,6 +1323,8 @@ int ckmc_cipher_initialize(ckmc_param_list_h params,
 * @remarks The function may be called multiple times to encrypt succcessive blocks of data.
 * @remarks The newly created @a ppout must be destroyed using ckmc_buffer_free() when it's no
 * longer needed.
+ * @remarks Note that the backend may impose limit on the maximum size of processed data
+ * (@see ckmc_backend_get_max_chunk_size()).
 *
 * @param[in] context Encryption/decryption context created with ckmc_cipher_initialize()
 * @param[in] in Encryption/decryption input
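Review bot: The RSA sentence added to the `encrypted` parameter in the first hunk here (the doc comment after ckmc_encrypt_data, apparently for the decryption call) looks copied from the encryption side. "Key size in bytes - 42" is the plaintext limit documented for `decrypted`, whereas this parameter carries ciphertext, which for RSA is normally exactly the key size in bytes. A caller validating input against this text would reject well-formed ciphertext. Suggest `For RSA the size must be equal to the key size in bytes.` once confirmed against the backend's own check.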
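Review bot: The remark added in the last hunk (the doc comment after ckmc_cipher_initialize) names the limit but does not say what the caller should do or which error comes back when `in` exceeds it. Since the context line above already states the function may be called repeatedly on successive blocks, the remark could read `@remarks If @a in is larger than the backend limit (see ckmc_backend_get_max_chunk_size()), split it and pass one chunk per call.` The matching error value belongs in the `@return` list, which lies outside this hunk. The same gap applies to the `wrapped_key` remark in the hunk before it, where splitting is presumably not an option.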
diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h index ef34a1d..7275776 100644 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -419,12 +419,16 @@ typedef enum __ckmc_algo_type { Supported parameters: - #CKMC_PARAM_ALGO_TYPE = #CKMC_ALGO_AES_GCM (mandatory), - #CKMC_PARAM_ED_IV = 1 to (2^64-1) bytes long initialization vector. - Recommended length is 12B (mandatory) + Note that the backend may impose additional limit on the maximum size + (@see ckmc_backend_get_max_chunk_size()). Recommended length is 12B + (mandatory) - #CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of {32, 64, 96, 104, 112, 120, 128} (optional, if not present, the length 128 is used; since Tizen 5.0, if TrustZone backend is used, 32 and 64 lengths are not supported) - - #CKMC_PARAM_ED_AAD = additional authentication data(optional) */ + - #CKMC_PARAM_ED_AAD = additional authentication data. Note that the backend + may impose limit on the maximum size (@see ckmc_backend_get_max_chunk_size()) + (optional) */ CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm Supported parameters: -- 2.7.4