Support for vendor-defined ECC curves and DH groups

athoelke · athoelke · commit fd368e50d5ff · 2019-09-25T22:14:29.000+01:00
Define a vendor-range within the the private use ranges in the IANA 
registry. Provide recommendations for how to support vendor-defined 
curves and groups.
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
@@ -76,6 +76,15 @@ typedef uint32_t psa_key_type_t;
  * This specification defines identifiers for some of the curves in the IANA
  * registry. Implementations that support other curves that are in the IANA
  * registry should use the IANA value and a implementation-specific identifier.
+ * Implemenations that support non-IANA curves should use one of the following
+ * approaches for allocating a key type:
+ *
+ * 1. Select a ::psa_ecc_curve_t value in the range #PSA_ECC_CURVE_VENDOR_MIN to
+ *    #PSA_ECC_CURVE_VENDOR_MAX, which is a subset of the IANA private use
+ *    range.
+ * 2. Use a ::psa_key_type_t value that is vendor-defined.
+ *
+ * The first option is recommended.
  */
 typedef uint16_t psa_ecc_curve_t;
 
@@ -90,6 +99,15 @@ typedef uint16_t psa_ecc_curve_t;
  * This specification defines identifiers for some of the groups in the IANA
  * registry. Implementations that support other groups that are in the IANA
  * registry should use the IANA value and a implementation-specific identifier.
+ * Implemenations that support non-IANA groups should use one of the following
+ * approaches for allocating a key type:
+ *
+ * 1. Select a ::psa_dh_group_t value in the range #PSA_DH_GROUP_VENDOR_MIN to
+ *    #PSA_DH_GROUP_VENDOR_MAX, which is a subset of the IANA private use
+ *    range.
+ * 2. Use a ::psa_key_type_t value that is vendor-defined.
+ *
+ * The first option is recommended.
  */
 typedef uint16_t psa_dh_group_t;
 
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
@@ -495,6 +495,19 @@
  */
 #define PSA_ECC_CURVE_CURVE448          ((psa_ecc_curve_t) 0x001e)
 
+/** Minimum value for a vendor-defined ECC curve identifier
+ *
+ * The range for vendor-defined curve identifiers is a subset of the IANA
+ * registry private use range, `0xfe00` - `0xfeff`.
+ */
+#define PSA_ECC_CURVE_VENDOR_MIN        ((psa_ecc_curve_t) 0xfe00)
+/** Maximum value for a vendor-defined ECC curve identifier
+ *
+ * The range for vendor-defined curve identifiers is a subset of the IANA
+ * registry private use range, `0xfe00` - `0xfeff`.
+ */
+#define PSA_ECC_CURVE_VENDOR_MAX        ((psa_ecc_curve_t) 0xfe7f)
+
 #define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE         ((psa_key_type_t)0x60040000)
 #define PSA_KEY_TYPE_DH_KEY_PAIR_BASE            ((psa_key_type_t)0x70040000)
 #define PSA_KEY_TYPE_DH_GROUP_MASK              ((psa_key_type_t)0x0000ffff)
@@ -535,6 +548,19 @@
 #define PSA_DH_GROUP_FFDHE6144          ((psa_dh_group_t) 0x0103)
 #define PSA_DH_GROUP_FFDHE8192          ((psa_dh_group_t) 0x0104)
 
+/** Minimum value for a vendor-defined Diffie Hellman group identifier
+ *
+ * The range for vendor-defined group identifiers is a subset of the IANA
+ * registry private use range, `0x01fc` - `0x01ff`.
+ */
+#define PSA_DH_GROUP_VENDOR_MIN         ((psa_dh_group_t) 0x01fc)
+/** Maximum value for a vendor-defined Diffie Hellman group identifier
+ *
+ * The range for vendor-defined group identifiers is a subset of the IANA
+ * registry private use range, `0x01fc` - `0x01ff`.
+ */
+#define PSA_DH_GROUP_VENDOR_MAX         ((psa_dh_group_t) 0x01fd)
+
 /** The block size of a block cipher.
  *
  * \param type  A cipher key type (value of type #psa_key_type_t).
