From fd368e50d5ffd93e52235db0b6480d746ffdffda Mon Sep 17 00:00:00 2001
From: Andrew Thoelke
Date: Wed, 25 Sep 2019 22:14:29 +0100
Subject: [PATCH] Support for vendor-defined ECC curves and DH groups Define a vendor-range within the the private use ranges in the IANA registry. Provide recommendations for how to support vendor-defined curves and groups.
---
 include/psa/crypto_types.h | 18 ++++++++++++++++++
 include/psa/crypto_values.h | 26 ++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 03fe9bc42..521a765a0 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -76,6 +76,15 @@ typedef uint32_t psa_key_type_t;
 * This specification defines identifiers for some of the curves in the IANA
 * registry. Implementations that support other curves that are in the IANA
 * registry should use the IANA value and a implementation-specific identifier.
+ * Implemenations that support non-IANA curves should use one of the following
+ * approaches for allocating a key type:
+ *
+ * 1. Select a ::psa_ecc_curve_t value in the range #PSA_ECC_CURVE_VENDOR_MIN to
+ * #PSA_ECC_CURVE_VENDOR_MAX, which is a subset of the IANA private use
+ * range.
+ * 2. Use a ::psa_key_type_t value that is vendor-defined.
+ *
+ * The first option is recommended.
 */
 typedef uint16_t psa_ecc_curve_t;
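Review bot: The guidance added to the `psa_ecc_curve_t` comment, and the parallel text for `psa_dh_group_t` in the next hunk, does not say that a private-use value is meaningful only inside the implementation that allocated it. Two vendors can assign the same value to different curves or groups, and because the comment describes the identifier as the way a key type is allocated, a key or identifier moved between implementations could presumably be paired with the wrong domain parameters without any error. I would add a sentence such as `* Vendor-range values are not globally unique; do not rely on them for keys or identifiers exchanged with another implementation.` to both comments. Separately, `Implemenations` is misspelled in both added paragraphs.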
@@ -90,6 +99,15 @@ typedef uint16_t psa_ecc_curve_t;
 * This specification defines identifiers for some of the groups in the IANA
 * registry. Implementations that support other groups that are in the IANA
 * registry should use the IANA value and a implementation-specific identifier.
+ * Implemenations that support non-IANA groups should use one of the following
+ * approaches for allocating a key type:
+ *
+ * 1. Select a ::psa_dh_group_t value in the range #PSA_DH_GROUP_VENDOR_MIN to
+ * #PSA_DH_GROUP_VENDOR_MAX, which is a subset of the IANA private use
+ * range.
+ * 2. Use a ::psa_key_type_t value that is vendor-defined.
+ *
+ * The first option is recommended.
 */
 typedef uint16_t psa_dh_group_t;
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index fc0f9637f..58276c90b 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -495,6 +495,19 @@
 */
 #define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
+/** Minimum value for a vendor-defined ECC curve identifier
+ *
+ * The range for vendor-defined curve identifiers is a subset of the IANA
+ * registry private use range, `0xfe00` - `0xfeff`.
+ */
+#define PSA_ECC_CURVE_VENDOR_MIN ((psa_ecc_curve_t) 0xfe00)
+/** Maximum value for a vendor-defined ECC curve identifier
+ *
+ * The range for vendor-defined curve identifiers is a subset of the IANA
+ * registry private use range, `0xfe00` - `0xfeff`.
+ */
+#define PSA_ECC_CURVE_VENDOR_MAX ((psa_ecc_curve_t) 0xfe7f)
+
 #define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x60040000)
 #define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x70040000)
 #define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x0000ffff)
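Review bot: The comments on `PSA_ECC_CURVE_VENDOR_MIN` and `PSA_ECC_CURVE_VENDOR_MAX` quote only the IANA private use range `0xfe00` - `0xfeff` and never state the vendor range itself, so a reader of the `MAX` comment can take `0xfeff` as usable when the macro stops at `0xfe7f`. Suggested wording for both: `* Vendor-defined curve identifiers lie in 0xfe00 - 0xfe7f, the lower half of the IANA private use range 0xfe00 - 0xfeff.`, with a word on what the remaining values are kept for if that has been decided. The `PSA_DH_GROUP_VENDOR_*` comments in the later hunk have the same gap. The hunk also offers no range test, so every implementation that validates a caller-supplied curve identifier will hand-write the bounds check; a small is-vendor-defined predicate macro next to these definitions would keep that check uniform.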
@@ -535,6 +548,19 @@
 #define PSA_DH_GROUP_FFDHE6144 ((psa_dh_group_t) 0x0103)
 #define PSA_DH_GROUP_FFDHE8192 ((psa_dh_group_t) 0x0104)
+/** Minimum value for a vendor-defined Diffie Hellman group identifier
+ *
+ * The range for vendor-defined group identifiers is a subset of the IANA
+ * registry private use range, `0x01fc` - `0x01ff`.
+ */
+#define PSA_DH_GROUP_VENDOR_MIN ((psa_dh_group_t) 0x01fc)
+/** Maximum value for a vendor-defined Diffie Hellman group identifier
+ *
+ * The range for vendor-defined group identifiers is a subset of the IANA
+ * registry private use range, `0x01fc` - `0x01ff`.
+ */
+#define PSA_DH_GROUP_VENDOR_MAX ((psa_dh_group_t) 0x01fd)
+
 /** The block size of a block cipher.
 *
 * \param type A cipher key type (value of type #psa_key_type_t).
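Review bot: `PSA_DH_GROUP_VENDOR_MIN` (`0x01fc`) and `PSA_DH_GROUP_VENDOR_MAX` (`0x01fd`) leave room for exactly two vendor-defined groups, which neither comment mentions. The guidance added to `psa_dh_group_t` recommends this range as the first option, so an implementation with a third custom group has to fall back to a vendor-defined key type for it. Saying so here, e.g. `* Only two identifiers are available; further groups need a vendor-defined ::psa_key_type_t.`, would discourage reusing a value for two groups or spilling into `0x01fe` - `0x01ff`. The block-size comment that follows the added lines continues outside the hunk.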