Platform Security Architecture — cryptography and keystore interface  Working draft
Key derivation

Functions

psa_status_t psa_key_derivation (psa_crypto_generator_t *generator, psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *salt, size_t salt_length, const uint8_t *label, size_t label_length, size_t capacity)
 

Function Documentation

psa_key_derivation()

psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
                                psa_key_slot_t key,
                                psa_algorithm_t alg,
                                const uint8_t *salt,
                                size_t salt_length,
                                const uint8_t *label,
                                size_t label_length,
                                size_t capacity)

Set up a key derivation operation.

A key derivation algorithm takes three inputs: a secret input key and two non-secret inputs, label and salt. The result of this function is a byte generator which can be used to produce keys and other cryptographic material.

The role of label and salt is as follows:

  • For HKDF (PSA_ALG_HKDF), salt is the salt used in the "extract" step and label is the info string used in the "expand" step.

Parameters
  [in,out]  generator     The generator object to set up. It must have been initialized to .
            key           Slot containing the secret key to use.
            alg           The key derivation algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_KEY_DERIVATION(alg) is true).
  [in]      salt          Salt to use.
            salt_length   Size of the salt buffer in bytes.
  [in]      label         Label to use.
            label_length  Size of the label buffer in bytes.
            capacity      The maximum number of bytes that the generator will be able to provide.

Return values
  PSA_SUCCESS                      Success.
  PSA_ERROR_EMPTY_SLOT
  PSA_ERROR_NOT_PERMITTED
  PSA_ERROR_INVALID_ARGUMENT       key is not compatible with alg, or capacity is too large for the specified algorithm and key.
  PSA_ERROR_NOT_SUPPORTED          alg is not supported or is not a key derivation algorithm.
  PSA_ERROR_INSUFFICIENT_MEMORY
  PSA_ERROR_COMMUNICATION_FAILURE
  PSA_ERROR_HARDWARE_FAILURE
  PSA_ERROR_TAMPERING_DETECTED
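
The roles of salt, label and capacity described above, shown as an added Python model that is not part of the PSA specification or any implementation of it. It follows HKDF as defined in RFC 5869 and assumes SHA-256 as the hash; the names HkdfGenerator, read and derive_two_keys are hypothetical, and the sample input is RFC 5869 test case 1.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size
MAX_CAPACITY = 255 * HASH_LEN  # RFC 5869 output limit for HKDF


class HkdfGenerator:
    """Hypothetical model of the byte generator that psa_key_derivation() sets up."""

    def __init__(self, key: bytes, salt: bytes, label: bytes, capacity: int):
        if capacity > MAX_CAPACITY:
            # Models "capacity is too large for the specified algorithm and key".
            raise ValueError("capacity is too large for HKDF with this hash")
        # Extract step: salt is the HMAC key, the secret key is the message.
        # RFC 5869 replaces an absent salt with HashLen zero bytes.
        self.prk = hmac.new(salt or bytes(HASH_LEN), key, HASH).digest()
        self.label = label        # "info" string, fed into every expand block
        self.capacity = capacity  # bytes the generator may still provide
        self.block = b""          # T(i-1), empty before the first block
        self.counter = 0
        self.buffer = b""

    def read(self, length: int) -> bytes:
        if length > self.capacity:
            raise ValueError("request exceeds remaining capacity")
        while len(self.buffer) < length:
            # Expand step: T(i) = HMAC(PRK, T(i-1) || info || i)
            self.counter += 1
            msg = self.block + self.label + bytes([self.counter])
            self.block = hmac.new(self.prk, msg, HASH).digest()
            self.buffer += self.block
        out, self.buffer = self.buffer[:length], self.buffer[length:]
        self.capacity -= length
        return out


# Constructed sample input: RFC 5869 test case 1.
KEY = bytes([0x0B]) * 22
SALT = bytes(range(0x00, 0x0D))
LABEL = bytes(range(0xF0, 0xFA))


def derive_two_keys():
    # Two consecutive reads from one generator yield one continuous stream.
    gen = HkdfGenerator(KEY, SALT, LABEL, capacity=42)
    return gen.read(16), gen.read(26)


if __name__ == "__main__":
    print(b"".join(derive_two_keys()).hex())
```

Changing only the label while keeping the key and salt fixed yields an unrelated output stream, which is how one secret can safely back several purpose-specific keys.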