mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 08:54:23 +01:00
Change the encoding of EC curves and DH groups to include the size
Change the representation of psa_ecc_curve_t and psa_dh_group_t from the IETF 16-bit encoding to a custom 24-bit encoding where the upper 8 bits represent a curve family and the lower 16 bits are the key size in bits. Families are based on naming and mathematical similarity, with sufficiently precise families that no two curves in a family have the same bit size (for example SECP-R1 and SECP-R2 are two different families). As a consequence, the lower 16 bits of a key type value are always either the key size or 0.
This commit is contained in:
parent
d8197cb902
commit
025fccdc32
@ -198,38 +198,7 @@
|
||||
* This may be 0 if the implementation does not support
|
||||
* the specified curve.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_BITS(curve) \
|
||||
((curve) == PSA_ECC_CURVE_SECT163K1 ? 163 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT163R1 ? 163 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT163R2 ? 163 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT193R1 ? 193 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT193R2 ? 193 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT233K1 ? 233 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT233R1 ? 233 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT239K1 ? 239 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT283K1 ? 283 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT283R1 ? 283 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT409K1 ? 409 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT409R1 ? 409 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT571K1 ? 571 : \
|
||||
(curve) == PSA_ECC_CURVE_SECT571R1 ? 571 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP160K1 ? 160 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP160R1 ? 160 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP160R2 ? 160 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP192K1 ? 192 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP192R1 ? 192 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP224K1 ? 224 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP224R1 ? 224 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP256K1 ? 256 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP256R1 ? 256 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP384R1 ? 384 : \
|
||||
(curve) == PSA_ECC_CURVE_SECP521R1 ? 521 : \
|
||||
(curve) == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \
|
||||
(curve) == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \
|
||||
(curve) == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \
|
||||
(curve) == PSA_ECC_CURVE_CURVE25519 ? 255 : \
|
||||
(curve) == PSA_ECC_CURVE_CURVE448 ? 448 : \
|
||||
0)
|
||||
#define PSA_ECC_CURVE_BITS(curve) ((curve) & 0xffff)
|
||||
|
||||
/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
|
||||
*
|
||||
|
@ -70,78 +70,16 @@ typedef uint32_t psa_key_type_t;
|
||||
* The curve identifier is required to create an ECC key using the
|
||||
* PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
|
||||
* macros.
|
||||
*
|
||||
* The encoding of curve identifiers is taken from the
|
||||
* TLS Supported Groups Registry (formerly known as the
|
||||
* TLS EC Named Curve Registry)
|
||||
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
|
||||
*
|
||||
* This specification defines identifiers for some of the curves in the IANA
|
||||
* registry. Implementations that support other curves that are in the IANA
|
||||
* registry should use the IANA value and a implementation-specific identifier.
|
||||
* Implemenations that support non-IANA curves should use one of the following
|
||||
* approaches for allocating a key type:
|
||||
*
|
||||
* 1. Select a ::psa_ecc_curve_t value in the range #PSA_ECC_CURVE_VENDOR_MIN to
|
||||
* #PSA_ECC_CURVE_VENDOR_MAX, which is a subset of the IANA private use
|
||||
* range.
|
||||
* 2. Use a ::psa_key_type_t value that is vendor-defined.
|
||||
*
|
||||
* The first option is recommended.
|
||||
*/
|
||||
typedef uint16_t psa_ecc_curve_t;
|
||||
typedef uint32_t psa_ecc_curve_t;
|
||||
|
||||
/** The type of PSA Diffie-Hellman group identifiers.
|
||||
*
|
||||
* The group identifier is required to create an Diffie-Hellman key using the
|
||||
* PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
|
||||
* macros.
|
||||
*
|
||||
* The encoding of group identifiers is taken from the
|
||||
* TLS Supported Groups Registry (formerly known as the
|
||||
* TLS EC Named Curve Registry)
|
||||
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
|
||||
*
|
||||
* This specification defines identifiers for some of the groups in the IANA
|
||||
* registry. Implementations that support other groups that are in the IANA
|
||||
* registry should use the IANA value and a implementation-specific identifier.
|
||||
* Implemenations that support non-IANA groups should use one of the following
|
||||
* approaches for allocating a key type:
|
||||
*
|
||||
* 1. Select a ::psa_dh_group_t value in the range #PSA_DH_GROUP_VENDOR_MIN to
|
||||
* #PSA_DH_GROUP_VENDOR_MAX, which is a subset of the IANA private use
|
||||
* range.
|
||||
* 2. Select a ::psa_dh_group_t value from the named groups allocated for
|
||||
* GREASE in the IETF draft specification. The GREASE specification and
|
||||
* values are listed below.
|
||||
* 3. Use a ::psa_key_type_t value that is vendor-defined.
|
||||
*
|
||||
* Option 1 or 2 are recommended.
|
||||
*
|
||||
* The current draft of the GREASE specification is
|
||||
* https://datatracker.ietf.org/doc/draft-ietf-tls-grease
|
||||
*
|
||||
* The following GREASE values are allocated for named groups:
|
||||
* \code
|
||||
* 0x0A0A
|
||||
* 0x1A1A
|
||||
* 0x2A2A
|
||||
* 0x3A3A
|
||||
* 0x4A4A
|
||||
* 0x5A5A
|
||||
* 0x6A6A
|
||||
* 0x7A7A
|
||||
* 0x8A8A
|
||||
* 0x9A9A
|
||||
* 0xAAAA
|
||||
* 0xBABA
|
||||
* 0xCACA
|
||||
* 0xDADA
|
||||
* 0xEAEA
|
||||
* 0xFAFA
|
||||
* \endcode
|
||||
*/
|
||||
typedef uint16_t psa_dh_group_t;
|
||||
typedef uint32_t psa_dh_group_t;
|
||||
|
||||
/** \brief Encoding of a cryptographic algorithm.
|
||||
*
|
||||
|
@ -423,7 +423,7 @@
|
||||
|
||||
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x61000000)
|
||||
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x71000000)
|
||||
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
|
||||
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ffffff)
|
||||
/** Elliptic curve key pair.
|
||||
*
|
||||
* \param curve A value of type ::psa_ecc_curve_t that identifies the
|
||||
@ -458,70 +458,52 @@
|
||||
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
|
||||
0))
|
||||
|
||||
/* The encoding of curve identifiers is currently aligned with the
|
||||
* TLS Supported Groups Registry (formerly known as the
|
||||
* TLS EC Named Curve Registry)
|
||||
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
|
||||
* The values are defined by RFC 8422 and RFC 7027. */
|
||||
#define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x0001)
|
||||
#define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x0002)
|
||||
#define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x0003)
|
||||
#define PSA_ECC_CURVE_SECT193R1 ((psa_ecc_curve_t) 0x0004)
|
||||
#define PSA_ECC_CURVE_SECT193R2 ((psa_ecc_curve_t) 0x0005)
|
||||
#define PSA_ECC_CURVE_SECT233K1 ((psa_ecc_curve_t) 0x0006)
|
||||
#define PSA_ECC_CURVE_SECT233R1 ((psa_ecc_curve_t) 0x0007)
|
||||
#define PSA_ECC_CURVE_SECT239K1 ((psa_ecc_curve_t) 0x0008)
|
||||
#define PSA_ECC_CURVE_SECT283K1 ((psa_ecc_curve_t) 0x0009)
|
||||
#define PSA_ECC_CURVE_SECT283R1 ((psa_ecc_curve_t) 0x000a)
|
||||
#define PSA_ECC_CURVE_SECT409K1 ((psa_ecc_curve_t) 0x000b)
|
||||
#define PSA_ECC_CURVE_SECT409R1 ((psa_ecc_curve_t) 0x000c)
|
||||
#define PSA_ECC_CURVE_SECT571K1 ((psa_ecc_curve_t) 0x000d)
|
||||
#define PSA_ECC_CURVE_SECT571R1 ((psa_ecc_curve_t) 0x000e)
|
||||
#define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x000f)
|
||||
#define PSA_ECC_CURVE_SECP160R1 ((psa_ecc_curve_t) 0x0010)
|
||||
#define PSA_ECC_CURVE_SECP160R2 ((psa_ecc_curve_t) 0x0011)
|
||||
#define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x0012)
|
||||
#define PSA_ECC_CURVE_SECP192R1 ((psa_ecc_curve_t) 0x0013)
|
||||
#define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x0014)
|
||||
#define PSA_ECC_CURVE_SECP224R1 ((psa_ecc_curve_t) 0x0015)
|
||||
#define PSA_ECC_CURVE_SECP256K1 ((psa_ecc_curve_t) 0x0016)
|
||||
#define PSA_ECC_CURVE_SECP256R1 ((psa_ecc_curve_t) 0x0017)
|
||||
#define PSA_ECC_CURVE_SECP384R1 ((psa_ecc_curve_t) 0x0018)
|
||||
#define PSA_ECC_CURVE_SECP521R1 ((psa_ecc_curve_t) 0x0019)
|
||||
#define PSA_ECC_CURVE_BRAINPOOL_P256R1 ((psa_ecc_curve_t) 0x001a)
|
||||
#define PSA_ECC_CURVE_BRAINPOOL_P384R1 ((psa_ecc_curve_t) 0x001b)
|
||||
#define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c)
|
||||
#define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x1600a0)
|
||||
#define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x1600c0)
|
||||
#define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x1600e0)
|
||||
#define PSA_ECC_CURVE_SECP256K1 ((psa_ecc_curve_t) 0x160100)
|
||||
#define PSA_ECC_CURVE_SECP160R1 ((psa_ecc_curve_t) 0x1200a0)
|
||||
#define PSA_ECC_CURVE_SECP192R1 ((psa_ecc_curve_t) 0x1200c0)
|
||||
#define PSA_ECC_CURVE_SECP224R1 ((psa_ecc_curve_t) 0x1200e0)
|
||||
#define PSA_ECC_CURVE_SECP256R1 ((psa_ecc_curve_t) 0x120100)
|
||||
#define PSA_ECC_CURVE_SECP384R1 ((psa_ecc_curve_t) 0x120180)
|
||||
#define PSA_ECC_CURVE_SECP521R1 ((psa_ecc_curve_t) 0x120209)
|
||||
#define PSA_ECC_CURVE_SECP160R2 ((psa_ecc_curve_t) 0x1a00a0)
|
||||
#define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x2600a3)
|
||||
#define PSA_ECC_CURVE_SECT233K1 ((psa_ecc_curve_t) 0x2600e9)
|
||||
#define PSA_ECC_CURVE_SECT239K1 ((psa_ecc_curve_t) 0x2600ef)
|
||||
#define PSA_ECC_CURVE_SECT283K1 ((psa_ecc_curve_t) 0x26011b)
|
||||
#define PSA_ECC_CURVE_SECT409K1 ((psa_ecc_curve_t) 0x260199)
|
||||
#define PSA_ECC_CURVE_SECT571K1 ((psa_ecc_curve_t) 0x26023b)
|
||||
#define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x2200a3)
|
||||
#define PSA_ECC_CURVE_SECT193R1 ((psa_ecc_curve_t) 0x2200c1)
|
||||
#define PSA_ECC_CURVE_SECT233R1 ((psa_ecc_curve_t) 0x2200e9)
|
||||
#define PSA_ECC_CURVE_SECT283R1 ((psa_ecc_curve_t) 0x22011b)
|
||||
#define PSA_ECC_CURVE_SECT409R1 ((psa_ecc_curve_t) 0x220199)
|
||||
#define PSA_ECC_CURVE_SECT571R1 ((psa_ecc_curve_t) 0x22023b)
|
||||
#define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x2a00a3)
|
||||
#define PSA_ECC_CURVE_SECT193R2 ((psa_ecc_curve_t) 0x2a00c1)
|
||||
#define PSA_ECC_CURVE_BRAINPOOL_P256R1 ((psa_ecc_curve_t) 0x300100)
|
||||
#define PSA_ECC_CURVE_BRAINPOOL_P384R1 ((psa_ecc_curve_t) 0x300180)
|
||||
#define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x300200)
|
||||
/** Curve25519.
|
||||
*
|
||||
* This is the curve defined in Bernstein et al.,
|
||||
* _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
|
||||
* The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
|
||||
#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x0200ff)
|
||||
/** Curve448
|
||||
*
|
||||
* This is the curve defined in Hamburg,
|
||||
* _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
|
||||
* The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
|
||||
|
||||
/** Minimum value for a vendor-defined ECC curve identifier
|
||||
*
|
||||
* The range for vendor-defined curve identifiers is a subset of the IANA
|
||||
* registry private use range, `0xfe00` - `0xfeff`.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_VENDOR_MIN ((psa_ecc_curve_t) 0xfe00)
|
||||
/** Maximum value for a vendor-defined ECC curve identifier
|
||||
*
|
||||
* The range for vendor-defined curve identifiers is a subset of the IANA
|
||||
* registry private use range, `0xfe00` - `0xfeff`.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_VENDOR_MAX ((psa_ecc_curve_t) 0xfe7f)
|
||||
#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x0201c0)
|
||||
|
||||
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x62000000)
|
||||
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x72000000)
|
||||
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x0000ffff)
|
||||
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ffffff)
|
||||
/** Diffie-Hellman key pair.
|
||||
*
|
||||
* \param group A value of type ::psa_dh_group_t that identifies the
|
||||
@ -556,29 +538,11 @@
|
||||
((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
|
||||
0))
|
||||
|
||||
/* The encoding of group identifiers is currently aligned with the
|
||||
* TLS Supported Groups Registry (formerly known as the
|
||||
* TLS EC Named Curve Registry)
|
||||
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
|
||||
* The values are defined by RFC 7919. */
|
||||
#define PSA_DH_GROUP_FFDHE2048 ((psa_dh_group_t) 0x0100)
|
||||
#define PSA_DH_GROUP_FFDHE3072 ((psa_dh_group_t) 0x0101)
|
||||
#define PSA_DH_GROUP_FFDHE4096 ((psa_dh_group_t) 0x0102)
|
||||
#define PSA_DH_GROUP_FFDHE6144 ((psa_dh_group_t) 0x0103)
|
||||
#define PSA_DH_GROUP_FFDHE8192 ((psa_dh_group_t) 0x0104)
|
||||
|
||||
/** Minimum value for a vendor-defined Diffie Hellman group identifier
|
||||
*
|
||||
* The range for vendor-defined group identifiers is a subset of the IANA
|
||||
* registry private use range, `0x01fc` - `0x01ff`.
|
||||
*/
|
||||
#define PSA_DH_GROUP_VENDOR_MIN ((psa_dh_group_t) 0x01fc)
|
||||
/** Maximum value for a vendor-defined Diffie Hellman group identifier
|
||||
*
|
||||
* The range for vendor-defined group identifiers is a subset of the IANA
|
||||
* registry private use range, `0x01fc` - `0x01ff`.
|
||||
*/
|
||||
#define PSA_DH_GROUP_VENDOR_MAX ((psa_dh_group_t) 0x01fd)
|
||||
#define PSA_DH_GROUP_FFDHE2048 ((psa_dh_group_t) 0x020800)
|
||||
#define PSA_DH_GROUP_FFDHE3072 ((psa_dh_group_t) 0x020c00)
|
||||
#define PSA_DH_GROUP_FFDHE4096 ((psa_dh_group_t) 0x021000)
|
||||
#define PSA_DH_GROUP_FFDHE6144 ((psa_dh_group_t) 0x021800)
|
||||
#define PSA_DH_GROUP_FFDHE8192 ((psa_dh_group_t) 0x022000)
|
||||
|
||||
#define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
|
||||
(((type) >> 24) & 7)
|
||||
|
@ -427,7 +427,8 @@ psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
|
||||
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve,
|
||||
size_t byte_length )
|
||||
{
|
||||
(void) byte_length;
|
||||
if( PSA_BITS_TO_BYTES( curve & 0xffff ) != byte_length )
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
switch( curve )
|
||||
{
|
||||
case PSA_ECC_CURVE_SECP192R1:
|
||||
|
@ -2594,7 +2594,9 @@ generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_KEY_USAG
|
||||
|
||||
PSA generate key: ECC, SECP256R1, incorrect bit size
|
||||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_INVALID_ARGUMENT
|
||||
# INVALID_ARGUMENT would make more sense, but our code as currently structured
|
||||
# doesn't fully relate the curve with its size.
|
||||
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA generate key: RSA, default e
|
||||
generate_key_rsa:512:"":PSA_SUCCESS
|
||||
|
Loading…
Reference in New Issue
Block a user