Soter symmetric algorithm descriptor #
Soter algorithm descriptor is used by some cryptosystems to identify symmetric encryption algorithms. While in most cases it is used internally in API, some cryptosystems actually store corresponding descriptors with encrypted data.
Algorithm descriptors are 32-bit bitmasks with multiple fields:
28 24 20 16 12 8 4 0
+-------+-------+-------+-------+-------+-------+-------+-------+
| alg. | KDF | --- |padding| --- | key length |
+-------+-------+-------+-------+-------+-------+-------+-------+
where
- algorithm (4 bits) defines the encryption algorithm
- KDF (4 bits) identifies built-in key derivation function
- padding (4 bits) defines padding in use, if any
- key length (12 bits) stores the symmetric key length
Some of the bits are currently unused and reserved. They are always set to zero.
Supported values for the algorithm are:
0x1— AES-ECB (deprecated)0x2— AES-CTR0x3— AES-XTS0x4— AES-GCM
KDF choices are as follows:
0x0— Soter KDF (or no KDF, depending on context)0x1— PBKDF2 with HMAC-SHA-256
Supported padding options are:
0x0— no padding0x1— PKCS#7 padding
Available key lengths are:
0x080— 128 bits0x0C0— 192 bits0x100— 256 bits
Example #
Soter algorithm descriptors are most commonly found in Secure Cells
where the most common options are AES-GCM variants.
For example: 0x40010100, where you can see the data fields:
| Field | Offset | Data | Meaning |
|---|---|---|---|
| algorithm | 28 | 4 (4 bits) |
AES-GCM |
| KDF | 24 | 0 (4 bits) |
Soter KDF |
| reserved | 20 | 0 (4 bits) |
— |
| padding | 16 | 1 (4 bits) |
PKCS#7 padding |
| reserved | 12 | 0 (4 bits) |
— |
| key length | 0 | 100 (12 bits) |
256-bit key |
