New elliptic curve family: twisted Edwards

Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-02-24 21:49:40 +01:00
parent 4a7074022a
commit 67546802fe
6 changed files with 81 additions and 1 deletions

View file

@ -709,6 +709,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
* For Weierstrass curves, this is the content of the `privateKey` field of * For Weierstrass curves, this is the content of the `privateKey` field of
* the `ECPrivateKey` format defined by RFC 5915. For Montgomery curves, * the `ECPrivateKey` format defined by RFC 5915. For Montgomery curves,
* the format is defined by RFC 7748, and output is masked according to §5. * the format is defined by RFC 7748, and output is masked according to §5.
* For twisted Edwards curves, the private key is as defined by RFC 8032
* (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
* - For Diffie-Hellman key exchange key pairs (key types for which * - For Diffie-Hellman key exchange key pairs (key types for which
* #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the * #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
* format is the representation of the private key `x` as a big-endian byte * format is the representation of the private key `x` as a big-endian byte
@ -774,7 +776,12 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
* modulus INTEGER, -- n * modulus INTEGER, -- n
* publicExponent INTEGER } -- e * publicExponent INTEGER } -- e
* ``` * ```
* - For elliptic curve public keys (key types for which * - For elliptic curve keys on a twisted Edwards curve (key types for which
* #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_GET_CURVE
* returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
* by RFC 8032
* (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
* - For other elliptic curve public keys (key types for which
* #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
* representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint. * representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint.
* Let `m` be the bit size associated with the curve, i.e. the bit size of * Let `m` be the bit size associated with the curve, i.e. the bit size of

View file

@ -569,6 +569,20 @@
*/ */
#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41) #define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41)
/** The twisted Edwards curves Ed25519 and Ed448.
*
* These curves are suitable for EdDSA.
*
* This family comprises the following twisted Edwards curves:
* - 256-bit: Edwards25519, the twisted Edwards curve birationally equivalent
* to Curve25519.
* Bernstein et al., _Twisted Edwards curves_, Africacrypt 2008.
* - 448-bit: Edwards448, the twisted Edwards curve birationally equivalent
* to Curve448.
* Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
*/
#define PSA_ECC_FAMILY_TWISTED_EDWARDS ((psa_ecc_family_t) 0x42)
#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200) #define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200) #define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff) #define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)

View file

@ -40,6 +40,7 @@ static const char *psa_ecc_family_name(psa_ecc_family_t curve)
case PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1"; case PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1";
case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1"; case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1";
case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2"; case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2";
case PSA_ECC_FAMILY_TWISTED_EDWARDS: return "PSA_ECC_FAMILY_TWISTED_EDWARDS";
default: return NULL; default: return NULL;
} }
} }

View file

@ -78,6 +78,7 @@ class KeyType:
'PSA_ECC_FAMILY_SECT_R2': (163,), 'PSA_ECC_FAMILY_SECT_R2': (163,),
'PSA_ECC_FAMILY_BRAINPOOL_P_R1': (160, 192, 224, 256, 320, 384, 512), 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': (160, 192, 224, 256, 320, 384, 512),
'PSA_ECC_FAMILY_MONTGOMERY': (255, 448), 'PSA_ECC_FAMILY_MONTGOMERY': (255, 448),
'PSA_ECC_FAMILY_TWISTED_EDWARDS': (256, 448),
} }
KEY_TYPE_SIZES = { KEY_TYPE_SIZES = {
'PSA_KEY_TYPE_AES': (128, 192, 256), # exhaustive 'PSA_KEY_TYPE_AES': (128, 192, 256), # exhaustive

View file

@ -304,5 +304,8 @@ ecc_key_family:PSA_ECC_FAMILY_BRAINPOOL_P_R1
ECC key family: Montgomery (Curve25519, Curve448) ECC key family: Montgomery (Curve25519, Curve448)
ecc_key_family:PSA_ECC_FAMILY_MONTGOMERY ecc_key_family:PSA_ECC_FAMILY_MONTGOMERY
ECC key family: Twisted Edwards (Ed25519, Ed448)
ecc_key_family:PSA_ECC_FAMILY_TWISTED_EDWARDS
DH group family: RFC 7919 DH group family: RFC 7919
dh_key_family:PSA_DH_FAMILY_RFC7919 dh_key_family:PSA_DH_FAMILY_RFC7919

View file

@ -965,4 +965,58 @@ PSA import ECC_PUBLIC_KEY(SECT_R2) 163-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f" import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f"
PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 256-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a064617461"
PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 256-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET
generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):256
PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a0646174614865726500697320"
PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448
PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 256-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a064617461"
PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 256-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET
generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):256
PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a0646174614865726500697320"
PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448
PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 256-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a064617461"
PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 256-bit type never supported
generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):256
PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a0646174614865726500697320"
PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit type never supported
generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448
PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 256-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_TWISTED_EDWARDS_256:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a064617461"
PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a0646174614865726500697320"
# End of automatically generated file. # End of automatically generated file.