Platform Security Architecture — cryptography and keystore interface
Working draft
Functions
| psa_status_t | psa_key_derivation (psa_crypto_generator_t *generator, psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *salt, size_t salt_length, const uint8_t *label, size_t label_length, size_t capacity) |
psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
                                psa_key_slot_t key,
                                psa_algorithm_t alg,
                                const uint8_t *salt,
                                size_t salt_length,
                                const uint8_t *label,
                                size_t label_length,
                                size_t capacity)
Set up a key derivation operation.
A key derivation algorithm takes three inputs: a secret input key and two non-secret inputs, label and salt. The result of this function is a byte generator that can be used to produce keys and other cryptographic material.
The role of label and salt is as follows:
salt is the salt used in the "extract" step and label is the info string used in the "expand" step.
Parameters:
| [in,out] | generator | The generator object to set up. It must have been initialized to . |
| | key | Slot containing the secret key to use. |
| | alg | The key derivation algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_KEY_DERIVATION(alg) is true). |
| [in] | salt | Salt to use. |
| | salt_length | Size of the salt buffer in bytes. |
| [in] | label | Label to use. |
| | label_length | Size of the label buffer in bytes. |
| | capacity | The maximum number of bytes that the generator will be able to provide. |
Return values:
| PSA_SUCCESS | Success. |
| PSA_ERROR_EMPTY_SLOT | |
| PSA_ERROR_NOT_PERMITTED | |
| PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg, or capacity is too large for the specified algorithm and key. |
| PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not a key derivation algorithm. |
| PSA_ERROR_INSUFFICIENT_MEMORY | |
| PSA_ERROR_COMMUNICATION_FAILURE | |
| PSA_ERROR_HARDWARE_FAILURE | |
| PSA_ERROR_TAMPERING_DETECTED | |
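The following added example is not part of this specification or of any PSA implementation. It models the generator in Python under the assumption that alg is HKDF with SHA-256 (RFC 5869): salt keys the "extract" step, label is the info string of the "expand" step, and capacity bounds the total output. The names HkdfGenerator, read and derive_demo are hypothetical.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


class HkdfGenerator:
    """Python model of the byte generator, assuming HKDF-SHA-256 (RFC 5869)."""

    def __init__(self, key: bytes, salt: bytes, label: bytes, capacity: int):
        # HKDF can emit at most 255 hash blocks; a larger capacity is invalid.
        if capacity > 255 * HASH_LEN:
            raise ValueError("capacity too large for HKDF-SHA-256")
        # Extract: salt is the HMAC key, the secret input key is the message.
        # An empty salt defaults to HASH_LEN zero bytes (RFC 5869, section 2.2).
        self._prk = hmac.new(salt or bytes(HASH_LEN), key, hashlib.sha256).digest()
        self._label = label        # "info" string, bound into every block
        self._capacity = capacity  # bytes the generator may still provide
        self._block = b""          # T(i-1); empty before the first block
        self._counter = 0
        self._buffer = b""         # expanded but unread bytes

    def read(self, length: int) -> bytes:
        """Return the next `length` bytes, consuming capacity."""
        if length > self._capacity:
            raise ValueError("read exceeds remaining capacity")
        while len(self._buffer) < length:
            # Expand: T(i) = HMAC(PRK, T(i-1) || label || i)
            self._counter += 1
            self._block = hmac.new(
                self._prk,
                self._block + self._label + bytes([self._counter]),
                hashlib.sha256,
            ).digest()
            self._buffer += self._block
        out, self._buffer = self._buffer[:length], self._buffer[length:]
        self._capacity -= length
        return out


def derive_demo():
    # Sample inputs: RFC 5869 test case 1 (IKM, salt, info, L = 42).
    gen = HkdfGenerator(bytes([0x0B] * 22), bytes(range(13)),
                        bytes(range(0xF0, 0xFA)), capacity=42)
    return gen.read(16), gen.read(26)  # two keys from one set-up
```

Successive reads continue the same output stream, so keys drawn from one generator never overlap, and changing only the label yields an unrelated stream from the same secret key.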