Change key type encodings to avoid bit 16

Key types are now encoded through a category in the upper 4 bits (bits 28-31) and a type-within-category in the next 11 bits (bits 17-27), with bit 16 unused and bits 0-15 only used for the EC curve or DH group. For symmetric keys, bits 20-22 encode the block size (0x0=stream, 0x3=8B, 0x4=16B).
2025-07-30 22:43:08 +03:00 · 2019-12-02 17:22:26 +01:00
parent 8fe6e0de3a
commit 7bfcfac164
3 changed files with 18 additions and 18 deletions
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@ -381,7 +381,7 @@
 * The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
 * 32 bytes (AES-256).
 */
-#define PSA_KEY_TYPE_AES                        ((psa_key_type_t)0x40010000)
+#define PSA_KEY_TYPE_AES                        ((psa_key_type_t)0x44020000)

 /** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
 *
@ -392,17 +392,17 @@
 * deprecated and should only be used to decrypt legacy data. 3-key 3DES
 * is weak and deprecated and should only be used in legacy protocols.
 */
-#define PSA_KEY_TYPE_DES                        ((psa_key_type_t)0x40020000)
+#define PSA_KEY_TYPE_DES                        ((psa_key_type_t)0x43020000)

 /** Key for a cipher, AEAD or MAC algorithm based on the
 * Camellia block cipher. */
-#define PSA_KEY_TYPE_CAMELLIA                   ((psa_key_type_t)0x40030000)
+#define PSA_KEY_TYPE_CAMELLIA                   ((psa_key_type_t)0x44040000)

 /** Key for the RC4 stream cipher.
 *
 * Note that RC4 is weak and deprecated and should only be used in
 * legacy protocols. */
-#define PSA_KEY_TYPE_ARC4                       ((psa_key_type_t)0x40040000)
+#define PSA_KEY_TYPE_ARC4                       ((psa_key_type_t)0x40020000)

 /** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
 *
@ -411,18 +411,18 @@
 * Implementations must support 12-byte nonces, may support 8-byte nonces,
 * and should reject other sizes.
 */
-#define PSA_KEY_TYPE_CHACHA20                   ((psa_key_type_t)0x40050000)
+#define PSA_KEY_TYPE_CHACHA20                   ((psa_key_type_t)0x40040000)

 /** RSA public key. */
-#define PSA_KEY_TYPE_RSA_PUBLIC_KEY             ((psa_key_type_t)0x60010000)
+#define PSA_KEY_TYPE_RSA_PUBLIC_KEY             ((psa_key_type_t)0x60020000)
 /** RSA key pair (private and public key). */
-#define PSA_KEY_TYPE_RSA_KEY_PAIR                ((psa_key_type_t)0x70010000)
+#define PSA_KEY_TYPE_RSA_KEY_PAIR                ((psa_key_type_t)0x70020000)
 /** Whether a key type is an RSA key (pair or public-only). */
 #define PSA_KEY_TYPE_IS_RSA(type)                                       \
    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)

-#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE        ((psa_key_type_t)0x60030000)
-#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE           ((psa_key_type_t)0x70030000)
+#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE        ((psa_key_type_t)0x61000000)
+#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE           ((psa_key_type_t)0x71000000)
 #define PSA_KEY_TYPE_ECC_CURVE_MASK             ((psa_key_type_t)0x0000ffff)
 /** Elliptic curve key pair.
 *
@ -519,8 +519,8 @@
 */
 #define PSA_ECC_CURVE_VENDOR_MAX        ((psa_ecc_curve_t) 0xfe7f)

-#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE         ((psa_key_type_t)0x60040000)
-#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE            ((psa_key_type_t)0x70040000)
+#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE         ((psa_key_type_t)0x62000000)
+#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE            ((psa_key_type_t)0x72000000)
 #define PSA_KEY_TYPE_DH_GROUP_MASK              ((psa_key_type_t)0x0000ffff)
 /** Diffie-Hellman key pair.
 *