Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.
Support these constants in the implementation and in the PSA metadata
tests.
Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.
Switch some documentation to the new encodings.
Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 07be2b9..2b07b74 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3502,10 +3502,10 @@
* length is determined by the curve, and sets the mandatory bits
* accordingly. That is:
*
- * - #PSA_ECC_CURVE_CURVE25519: draw a 32-byte string
- * and process it as specified in RFC 7748 §5.
- * - #PSA_ECC_CURVE_CURVE448: draw a 56-byte string
- * and process it as specified in RFC 7748 §5.
+ * - Curve25519 (#PSA_ECC_CURVE_MONTGOMERY, 255 bits): draw a 32-byte
+ * string and process it as specified in RFC 7748 §5.
+ * - Curve448 (#PSA_ECC_CURVE_MONTGOMERY, 448 bits): draw a 56-byte
+ * string and process it as specified in RFC 7748 §5.
*
* - For key types for which the key is represented by a single sequence of
* \p bits bits with constraints as to which bit sequences are acceptable,
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 70ea4b6..1f04222 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -190,16 +190,6 @@
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
#endif
-/** Bit size associated with an elliptic curve.
- *
- * \param curve An elliptic curve (value of type #psa_ecc_curve_t).
- *
- * \return The size associated with \p curve, in bits.
- * This may be 0 if the implementation does not support
- * the specified curve.
- */
-#define PSA_ECC_CURVE_BITS(curve) ((curve) & 0xffff)
-
/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
*
* This macro returns the maximum length of the PSK supported
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 03180c6..b951cd5 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -65,7 +65,7 @@
*/
typedef uint32_t psa_key_type_t;
-/** The type of PSA elliptic curve identifiers.
+/** The type of PSA elliptic curve family identifiers.
*
* The curve identifier is required to create an ECC key using the
* PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
@@ -73,7 +73,7 @@
*/
typedef uint32_t psa_ecc_curve_t;
-/** The type of PSA Diffie-Hellman group identifiers.
+/** The type of PSA Diffie-Hellman group family identifiers.
*
* The group identifier is required to create an Diffie-Hellman key using the
* PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 87ad15f..93b7d2c 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -458,6 +458,79 @@
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
0))
+/** SEC Koblitz curves over prime fields.
+ *
+ * This family comprises the following curves:
+ * secp192k1, secp224k1, secp256k1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECP_K1 ((psa_ecc_curve_t) 0x160000)
+
+/** SEC random curves over prime fields.
+ *
+ * This family comprises the following curves:
+ * secp192k1, secp224r1, secp256r1, secp384r1, secp521r1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECP_R1 ((psa_ecc_curve_t) 0x120000)
+/* SECP160R2 (SEC2 v1, obsolete) */
+#define PSA_ECC_CURVE_SECP_R2 ((psa_ecc_curve_t) 0x1a0000)
+
+/** SEC Koblitz curves over binary fields.
+ *
+ * This family comprises the following curves:
+ * sect163k1, sect233k1, sect239k1, sect283k1, sect409k1, sect571k1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECT_K1 ((psa_ecc_curve_t) 0x260000)
+
+/** SEC random curves over binary fields.
+ *
+ * This family comprises the following curves:
+ * sect163r1, sect233r1, sect283r1, sect409r1, sect571r1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECT_R1 ((psa_ecc_curve_t) 0x220000)
+
+/** SEC additional random curves over binary fields.
+ *
+ * This family comprises the following curve:
+ * sect163r2.
+ * It is defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECT_R2 ((psa_ecc_curve_t) 0x2a0000)
+
+/** Brainpool P random curves.
+ *
+ * This family comprises the following curves:
+ * brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1,
+ * brainpoolP320r1, brainpoolP384r1, brainpoolP512r1.
+ * It is defined in RFC 5639.
+ */
+#define PSA_ECC_CURVE_BRAINPOOL_P_R1 ((psa_ecc_curve_t) 0x300000)
+
+/** Curve25519 and Curve448.
+ *
+ * This family comprises the following Montgomery curves:
+ * - 255-bit: Bernstein et al.,
+ * _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
+ * The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
+ * - 448-bit: Hamburg,
+ * _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
+ * The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
+ */
+#define PSA_ECC_CURVE_MONTGOMERY ((psa_ecc_curve_t) 0x400000)
+
#define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x1600a0)
#define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x1600c0)
#define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x1600e0)
@@ -538,6 +611,14 @@
((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
0))
+/** Diffie-Hellman groups defined in RFC 7919 Appendix A.
+ *
+ * This family includes groups with the following key sizes (in bits):
+ * 2048, 3072, 4096, 6144, 8192. A given implementation may support
+ * all of these sizes or only a subset.
+ */
+#define PSA_DH_GROUP_RFC7919 ((psa_dh_group_t) 0x020000)
+
#define PSA_DH_GROUP_FFDHE2048 ((psa_dh_group_t) 0x020800)
#define PSA_DH_GROUP_FFDHE3072 ((psa_dh_group_t) 0x020c00)
#define PSA_DH_GROUP_FFDHE4096 ((psa_dh_group_t) 0x021000)