From 67546802fe4106f91bb12a2f8882ee191716f63c Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 24 Feb 2021 21:49:40 +0100
Subject: [PATCH] New elliptic curve family: twisted Edwards

Add an elliptic curve family for the twisted Edwards curves Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves, since these are the only two curves in common use, the family has a generic name.

Signed-off-by: Gilles Peskine
---
 include/psa/crypto.h | 9 +++-
 include/psa/crypto_values.h | 14 +++++
 programs/psa/psa_constant_names_generated.c | 1 +
 scripts/mbedtls_dev/crypto_knowledge.py | 1 +
 .../test_suite_psa_crypto_metadata.data | 3 ++
 ...te_psa_crypto_not_supported.generated.data | 54 +++++++++++++++++++
 6 files changed, 81 insertions(+), 1 deletion(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 7ee3293be..d1609f8bb 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -709,6 +709,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
 * For Weierstrass curves, this is the content of the `privateKey` field of
 * the `ECPrivateKey` format defined by RFC 5915. For Montgomery curves,
 * the format is defined by RFC 7748, and output is masked according to ยง5.
+ * For twisted Edwards curves, the private key is as defined by RFC 8032
+ * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
 * - For Diffie-Hellman key exchange key pairs (key types for which
 * #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
 * format is the representation of the private key `x` as a big-endian byte
@@ -774,7 +776,12 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
 * modulus INTEGER, -- n
 * publicExponent INTEGER } -- e
 * ```
- * - For elliptic curve public keys (key types for which
+ * - For elliptic curve keys on a twisted Edwards curve (key types for which
+ * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_GET_CURVE
+ * returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
+ * by RFC 8032
+ * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+ * - For other elliptic curve public keys (key types for which
 * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
 * representation defined by SEC1 §2.3.3 as the content of an ECPoint.
 * Let `m` be the bit size associated with the curve, i.e. the bit size of
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index a448bc5c9..df159c44b 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -569,6 +569,20 @@
 */
 #define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
+/** The twisted Edwards curves Ed25519 and Ed448.
+ *
+ * These curves are suitable for EdDSA.
+ *
+ * This family comprises the following twisted Edwards curves:
+ * - 256-bit: Edwards25519, the twisted Edwards curve birationally equivalent
+ * to Curve25519.
+ * Bernstein et al., _Twisted Edwards curves_, Africacrypt 2008.
+ * - 448-bit: Edwards448, the twisted Edwards curve birationally equivalent
+ * to Curve448.
+ * Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
+ */
+#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
+
 #define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
 #define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
 #define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c
index f797c027f..4410432c9 100644
--- a/programs/psa/psa_constant_names_generated.c
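Review bot: The added twisted Edwards bullet in crypto.h names `#PSA_KEY_TYPE_GET_CURVE` as the accessor, which I believe is the legacy spelling; if the headers now expose `PSA_KEY_TYPE_ECC_GET_FAMILY`, the reference should read `#PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY` so the Doxygen link resolves and readers are not sent to a deprecated macro. The same bullet opens with "elliptic curve keys" although its condition is about public keys; `For elliptic curve public keys on a twisted Edwards curve` would match the bullet that follows. It would also help to state that the RFC 8032 public key is the compressed point encoding, because the uncompressed SEC1 layout described in the next bullet does not apply and callers sizing export buffers need to know that. The comment block starts and ends outside the hunk.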
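Review bot: The bit sizes chosen for the new family in crypto_values.h do not follow one rule: this comment lists Edwards25519 as 256-bit and Edwards448 as 448-bit, while the crypto.h text in the same patch gives 32-byte and 57-byte encodings, so 256 equals the encoded length but 448 does not (57 bytes is 456 bits), and the sibling Montgomery entry in crypto_knowledge.py uses 255. Any code that infers or validates the key size from the length of an imported buffer will therefore need a special case for this family, which is easy to get wrong once the curves are actually implemented. Either size both curves by the field (`- 255-bit: Edwards25519, ...` here and `'PSA_ECC_FAMILY_TWISTED_EDWARDS': (255, 448),` in crypto_knowledge.py) or add a sentence to this comment saying that the size is nominal and differs from the RFC 8032 encoding length. The generated 448-bit import vectors later in the patch look like 56 bytes of data rather than 57, which seems to come from the same mismatch.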
+++ b/programs/psa/psa_constant_names_generated.c @@ -40,6 +40,7 @@ static const char *psa_ecc_family_name(psa_ecc_family_t curve) case PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1"; case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1"; case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2"; + case PSA_ECC_FAMILY_TWISTED_EDWARDS: return "PSA_ECC_FAMILY_TWISTED_EDWARDS"; default: return NULL; } } diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 02c09608d..642e7254f 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -78,6 +78,7 @@ class KeyType: 'PSA_ECC_FAMILY_SECT_R2': (163,), 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': (160, 192, 224, 256, 320, 384, 512), 'PSA_ECC_FAMILY_MONTGOMERY': (255, 448), + 'PSA_ECC_FAMILY_TWISTED_EDWARDS': (256, 448), } KEY_TYPE_SIZES = { 'PSA_KEY_TYPE_AES': (128, 192, 256), # exhaustive diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 301a9744b..5e3a8604a 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -304,5 +304,8 @@ ecc_key_family:PSA_ECC_FAMILY_BRAINPOOL_P_R1 ECC key family: Montgomery (Curve25519, Curve448) ecc_key_family:PSA_ECC_FAMILY_MONTGOMERY +ECC key family: Twisted Edwards (Ed25519, Ed448) +ecc_key_family:PSA_ECC_FAMILY_TWISTED_EDWARDS + DH group family: RFC 7919 dh_key_family:PSA_DH_FAMILY_RFC7919 diff --git a/tests/suites/test_suite_psa_crypto_not_supported.generated.data b/tests/suites/test_suite_psa_crypto_not_supported.generated.data index 44df2b1ef..c8f4cf49a 100644 --- a/tests/suites/test_suite_psa_crypto_not_supported.generated.data +++ b/tests/suites/test_suite_psa_crypto_not_supported.generated.data 
@@ -965,4 +965,58 @@ PSA import ECC_PUBLIC_KEY(SECT_R2) 163-bit curve not supported depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f" +PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 256-bit type not supported +depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a064617461" + +PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 256-bit type not supported +depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):256 + +PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit type not supported +depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a0646174614865726500697320" + +PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit type not supported +depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448 + +PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 256-bit curve not supported +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a064617461" + +PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 256-bit curve not supported 
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):256 + +PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit curve not supported +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a0646174614865726500697320" + +PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit curve not supported +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448 + +PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 256-bit type not supported +depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a064617461" + +PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 256-bit type never supported +generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):256 + +PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit type not supported +depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a0646174614865726500697320" + +PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit type never supported +generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448 + +PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 256-bit curve not supported 
+depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a064617461" + +PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit curve not supported +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a0646174614865726500697320" + # End of automatically generated file.