Change the encoding of key types to have a parity bit
Change the encoding of key types, EC curve families and DH group families to make the low-order bit a parity bit (with even parity). This ensures that distinct key type values always have a Hamming distance of at least 2, which makes it easier for implementations to resist single bit flips.
This commit is contained in:
Gilles Peskine
parent
7d7c8dc8b0
commit
7cfcb3fc03
4 changed files with 52 additions and 34 deletions
|
|
@ -294,12 +294,12 @@
|
|||
#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000)
|
||||
|
||||
#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000)
|
||||
#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x4000)
|
||||
#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x5000)
|
||||
#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x6000)
|
||||
#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000)
|
||||
#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000)
|
||||
#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000)
|
||||
#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000)
|
||||
|
||||
#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x1000)
|
||||
#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000)
|
||||
|
||||
/** Whether a key type is vendor-defined.
|
||||
*
|
||||
|
|
@ -313,8 +313,8 @@
|
|||
* This encompasses both symmetric keys and non-key data.
|
||||
*/
|
||||
#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
|
||||
(((type) & PSA_KEY_TYPE_CATEGORY_MASK & ~(psa_key_type_t)0x1000) == \
|
||||
PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
|
||||
(((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
|
||||
((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
|
||||
|
||||
/** Whether a key type is asymmetric: either a key pair or a public key. */
|
||||
#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
|
||||
|
|
@ -357,7 +357,7 @@
|
|||
*
|
||||
* A "key" of this type cannot be used for any cryptographic operation.
|
||||
* Applications may use this type to store arbitrary data in the keystore. */
|
||||
#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x5001)
|
||||
#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)
|
||||
|
||||
/** HMAC key.
|
||||
*
|
||||
|
|
@ -367,21 +367,21 @@
|
|||
* HMAC keys should generally have the same size as the underlying hash.
|
||||
* This size can be calculated with #PSA_HASH_SIZE(\c alg) where
|
||||
* \c alg is the HMAC algorithm or the underlying hash algorithm. */
|
||||
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x5100)
|
||||
#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
|
||||
|
||||
/** A secret for key derivation.
|
||||
*
|
||||
* The key policy determines which key derivation algorithm the key
|
||||
* can be used for.
|
||||
*/
|
||||
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x5200)
|
||||
#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
|
||||
|
||||
/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
|
||||
*
|
||||
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
|
||||
* 32 bytes (AES-256).
|
||||
*/
|
||||
#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x4402)
|
||||
#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
|
||||
|
||||
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
|
||||
*
|
||||
|
|
@ -392,17 +392,17 @@
|
|||
* deprecated and should only be used to decrypt legacy data. 3-key 3DES
|
||||
* is weak and deprecated and should only be used in legacy protocols.
|
||||
*/
|
||||
#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x4302)
|
||||
#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
|
||||
|
||||
/** Key for a cipher, AEAD or MAC algorithm based on the
|
||||
* Camellia block cipher. */
|
||||
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x4404)
|
||||
#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
|
||||
|
||||
/** Key for the RC4 stream cipher.
|
||||
*
|
||||
* Note that RC4 is weak and deprecated and should only be used in
|
||||
* legacy protocols. */
|
||||
#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x4002)
|
||||
#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
|
||||
|
||||
/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
|
||||
*
|
||||
|
|
@ -411,17 +411,17 @@
|
|||
* Implementations must support 12-byte nonces, may support 8-byte nonces,
|
||||
* and should reject other sizes.
|
||||
*/
|
||||
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x4004)
|
||||
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
|
||||
|
||||
/** RSA public key. */
|
||||
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x6002)
|
||||
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
|
||||
/** RSA key pair (private and public key). */
|
||||
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7002)
|
||||
#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
|
||||
/** Whether a key type is an RSA key (pair or public-only). */
|
||||
#define PSA_KEY_TYPE_IS_RSA(type) \
|
||||
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||
|
||||
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x6100)
|
||||
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100)
|
||||
#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
|
||||
#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
|
||||
/** Elliptic curve key pair.
|
||||
|
|
@ -466,7 +466,7 @@
|
|||
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
|
||||
* https://www.secg.org/sec2-v2.pdf
|
||||
*/
|
||||
#define PSA_ECC_CURVE_SECP_K1 ((psa_ecc_curve_t) 0x16)
|
||||
#define PSA_ECC_CURVE_SECP_K1 ((psa_ecc_curve_t) 0x17)
|
||||
|
||||
/** SEC random curves over prime fields.
|
||||
*
|
||||
|
|
@ -478,7 +478,7 @@
|
|||
*/
|
||||
#define PSA_ECC_CURVE_SECP_R1 ((psa_ecc_curve_t) 0x12)
|
||||
/* SECP160R2 (SEC2 v1, obsolete) */
|
||||
#define PSA_ECC_CURVE_SECP_R2 ((psa_ecc_curve_t) 0x1a)
|
||||
#define PSA_ECC_CURVE_SECP_R2 ((psa_ecc_curve_t) 0x1b)
|
||||
|
||||
/** SEC Koblitz curves over binary fields.
|
||||
*
|
||||
|
|
@ -488,7 +488,7 @@
|
|||
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
|
||||
* https://www.secg.org/sec2-v2.pdf
|
||||
*/
|
||||
#define PSA_ECC_CURVE_SECT_K1 ((psa_ecc_curve_t) 0x26)
|
||||
#define PSA_ECC_CURVE_SECT_K1 ((psa_ecc_curve_t) 0x27)
|
||||
|
||||
/** SEC random curves over binary fields.
|
||||
*
|
||||
|
|
@ -508,7 +508,7 @@
|
|||
* _SEC 2: Recommended Elliptic Curve Domain Parameters_.
|
||||
* https://www.secg.org/sec2-v2.pdf
|
||||
*/
|
||||
#define PSA_ECC_CURVE_SECT_R2 ((psa_ecc_curve_t) 0x2a)
|
||||
#define PSA_ECC_CURVE_SECT_R2 ((psa_ecc_curve_t) 0x2b)
|
||||
|
||||
/** Brainpool P random curves.
|
||||
*
|
||||
|
|
@ -529,9 +529,9 @@
|
|||
* _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
|
||||
* The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
|
||||
*/
|
||||
#define PSA_ECC_CURVE_MONTGOMERY ((psa_ecc_curve_t) 0x40)
|
||||
#define PSA_ECC_CURVE_MONTGOMERY ((psa_ecc_curve_t) 0x41)
|
||||
|
||||
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x6200)
|
||||
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
|
||||
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
|
||||
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
|
||||
/** Diffie-Hellman key pair.
|
||||
|
|
@ -574,7 +574,7 @@
|
|||
* 2048, 3072, 4096, 6144, 8192. A given implementation may support
|
||||
* all of these sizes or only a subset.
|
||||
*/
|
||||
#define PSA_DH_GROUP_RFC7919 ((psa_dh_group_t) 0x02)
|
||||
#define PSA_DH_GROUP_RFC7919 ((psa_dh_group_t) 0x03)
|
||||
|
||||
#define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
|
||||
(((type) >> 8) & 7)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue