TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 45adc5bee5dff2fb34c33edc077bee34c85cd00c / . / docs / html / group__derivation.html
blob: 0c17519662776109ce07610ce27cf93ae8cc4b1e [file] [log] [blame]
Gilles Peskine89f0a532019-01-31 11:47:57 +0100[diff] [blame]1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2<html xmlns="http://www.w3.org/1999/xhtml">
3<head>
4<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
5<meta http-equiv="X-UA-Compatible" content="IE=9"/>
6<meta name="generator" content="Doxygen 1.8.11"/>
7<title>Platform Security Architecture — cryptography and keystore interface: Key derivation</title>
8<link href="tabs.css" rel="stylesheet" type="text/css"/>
9<script type="text/javascript" src="jquery.js"></script>
10<script type="text/javascript" src="dynsections.js"></script>
11<link href="search/search.css" rel="stylesheet" type="text/css"/>
12<script type="text/javascript" src="search/searchdata.js"></script>
13<script type="text/javascript" src="search/search.js"></script>
14<script type="text/javascript">
15 $(document).ready(function() { init_search(); });
16</script>
17<link href="doxygen.css" rel="stylesheet" type="text/css" />
18</head>
19<body>
20<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
21<div id="titlearea">
22<table cellspacing="0" cellpadding="0">
23 <tbody>
24 <tr style="height: 56px;">
25 <td id="projectalign" style="padding-left: 0.5em;">
26 <div id="projectname">Platform Security Architecture — cryptography and keystore interface
Gilles Peskine45adc5b2019-03-05 16:34:20 +0100[diff] [blame^]27 &#160;<span id="projectnumber">beta 2 — 2019-02-22</span>
Gilles Peskine89f0a532019-01-31 11:47:57 +0100[diff] [blame]28 </div>
29 </td>
30 </tr>
31 </tbody>
32</table>
33</div>
34<!-- end header part -->
35<!-- Generated by Doxygen 1.8.11 -->
36<script type="text/javascript">
37var searchBox = new SearchBox("searchBox", "search",false,'Search');
38</script>
39 <div id="navrow1" class="tabs">
40 <ul class="tablist">
41 <li><a href="index.html"><span>Main&#160;Page</span></a></li>
42 <li class="current"><a href="modules.html"><span>Modules</span></a></li>
43 <li><a href="annotated.html"><span>Classes</span></a></li>
44 <li><a href="files.html"><span>Files</span></a></li>
45 <li>
46 <div id="MSearchBox" class="MSearchBoxInactive">
47 <span class="left">
48 <img id="MSearchSelect" src="search/mag_sel.png"
49 onmouseover="return searchBox.OnSearchSelectShow()"
50 onmouseout="return searchBox.OnSearchSelectHide()"
51 alt=""/>
52 <input type="text" id="MSearchField" value="Search" accesskey="S"
53 onfocus="searchBox.OnSearchFieldFocus(true)"
54 onblur="searchBox.OnSearchFieldFocus(false)"
55 onkeyup="searchBox.OnSearchFieldChange(event)"/>
56 </span><span class="right">
57 <a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
58 </span>
59 </div>
60 </li>
61 </ul>
62 </div>
63</div><!-- top -->
64<!-- window showing the filter options -->
65<div id="MSearchSelectWindow"
66 onmouseover="return searchBox.OnSearchSelectShow()"
67 onmouseout="return searchBox.OnSearchSelectHide()"
68 onkeydown="return searchBox.OnSearchSelectKey(event)">
69</div>
70
71<!-- iframe showing the search results (closed by default) -->
72<div id="MSearchResultsWindow">
73<iframe src="javascript:void(0)" frameborder="0"
74 name="MSearchResults" id="MSearchResults">
75</iframe>
76</div>
77
78<div class="header">
79 <div class="summary">
80<a href="#define-members">Macros</a> &#124;
81<a href="#typedef-members">Typedefs</a> &#124;
82<a href="#func-members">Functions</a> </div>
83 <div class="headertitle">
84<div class="title">Key derivation</div> </div>
85</div><!--header-->
86<div class="contents">
87<table class="memberdecls">
88<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
89Macros</h2></td></tr>
90<tr class="memitem:ga90a1995a41e26ed5ca30d2d4641d1168"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga90a1995a41e26ed5ca30d2d4641d1168">PSA_KDF_STEP_SECRET</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0101)</td></tr>
91<tr class="separator:ga90a1995a41e26ed5ca30d2d4641d1168"><td class="memSeparator" colspan="2">&#160;</td></tr>
92<tr class="memitem:ga9f4da10191bcb690b88756ed8470b03c"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga9f4da10191bcb690b88756ed8470b03c">PSA_KDF_STEP_LABEL</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0201)</td></tr>
93<tr class="separator:ga9f4da10191bcb690b88756ed8470b03c"><td class="memSeparator" colspan="2">&#160;</td></tr>
94<tr class="memitem:ga384777dac55791d8f3a1af72c847b327"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga384777dac55791d8f3a1af72c847b327">PSA_KDF_STEP_SALT</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0202)</td></tr>
95<tr class="separator:ga384777dac55791d8f3a1af72c847b327"><td class="memSeparator" colspan="2">&#160;</td></tr>
96<tr class="memitem:ga836afe760bbda3dafc6c29631560b1a0"><td class="memItemLeft" align="right" valign="top">#define&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga836afe760bbda3dafc6c29631560b1a0">PSA_KDF_STEP_INFO</a>&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0203)</td></tr>
97<tr class="separator:ga836afe760bbda3dafc6c29631560b1a0"><td class="memSeparator" colspan="2">&#160;</td></tr>
98</table><table class="memberdecls">
99<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
100Typedefs</h2></td></tr>
101<tr class="memitem:gaac4eeacd36596c548b3a48fc06c5048b"><td class="memItemLeft" align="right" valign="top"><a class="anchor" id="gaac4eeacd36596c548b3a48fc06c5048b"></a>
102typedef uint16_t&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a></td></tr>
103<tr class="memdesc:gaac4eeacd36596c548b3a48fc06c5048b"><td class="mdescLeft">&#160;</td><td class="mdescRight">Encoding of the step of a key derivation. <br /></td></tr>
104<tr class="separator:gaac4eeacd36596c548b3a48fc06c5048b"><td class="memSeparator" colspan="2">&#160;</td></tr>
105</table><table class="memberdecls">
106<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
107Functions</h2></td></tr>
108<tr class="memitem:ga1825696be813dfac2b8d3d02717e71c5"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg)</td></tr>
109<tr class="separator:ga1825696be813dfac2b8d3d02717e71c5"><td class="memSeparator" colspan="2">&#160;</td></tr>
110<tr class="memitem:ga1b30e888db65c71f5337900848e1b03f"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, const uint8_t *data, size_t data_length)</td></tr>
111<tr class="separator:ga1b30e888db65c71f5337900848e1b03f"><td class="memSeparator" colspan="2">&#160;</td></tr>
112<tr class="memitem:ga9e5f549aa1f6f3863a07008d3d98f91a"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> handle)</td></tr>
113<tr class="separator:ga9e5f549aa1f6f3863a07008d3d98f91a"><td class="memSeparator" colspan="2">&#160;</td></tr>
114<tr class="memitem:ga2c7fe304cacc141ffb91553548abc5d2"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">psa_key_agreement</a> (<a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *generator, <a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a> step, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> private_key, const uint8_t *peer_key, size_t peer_key_length)</td></tr>
115<tr class="separator:ga2c7fe304cacc141ffb91553548abc5d2"><td class="memSeparator" colspan="2">&#160;</td></tr>
116<tr class="memitem:gaf1b12eff66a1a0020b5bdc8d0e910006"><td class="memItemLeft" align="right" valign="top"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__derivation.html#gaf1b12eff66a1a0020b5bdc8d0e910006">psa_key_agreement_raw_shared_secret</a> (<a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a> alg, <a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a> private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length)</td></tr>
117<tr class="separator:gaf1b12eff66a1a0020b5bdc8d0e910006"><td class="memSeparator" colspan="2">&#160;</td></tr>
118</table>
119<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
120<h2 class="groupheader">Macro Definition Documentation</h2>
121<a class="anchor" id="ga836afe760bbda3dafc6c29631560b1a0"></a>
122<div class="memitem">
123<div class="memproto">
124 <table class="memname">
125 <tr>
126 <td class="memname">#define PSA_KDF_STEP_INFO&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0203)</td>
127 </tr>
128 </table>
129</div><div class="memdoc">
130<p>An information string for key derivation.</p>
131<p>This must be a direct input. </p>
132
133</div>
134</div>
135<a class="anchor" id="ga9f4da10191bcb690b88756ed8470b03c"></a>
136<div class="memitem">
137<div class="memproto">
138 <table class="memname">
139 <tr>
140 <td class="memname">#define PSA_KDF_STEP_LABEL&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0201)</td>
141 </tr>
142 </table>
143</div><div class="memdoc">
144<p>A label for key derivation.</p>
145<p>This must be a direct input. </p>
146
147</div>
148</div>
149<a class="anchor" id="ga384777dac55791d8f3a1af72c847b327"></a>
150<div class="memitem">
151<div class="memproto">
152 <table class="memname">
153 <tr>
154 <td class="memname">#define PSA_KDF_STEP_SALT&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0202)</td>
155 </tr>
156 </table>
157</div><div class="memdoc">
158<p>A salt for key derivation.</p>
159<p>This must be a direct input. </p>
160
161</div>
162</div>
163<a class="anchor" id="ga90a1995a41e26ed5ca30d2d4641d1168"></a>
164<div class="memitem">
165<div class="memproto">
166 <table class="memname">
167 <tr>
168 <td class="memname">#define PSA_KDF_STEP_SECRET&#160;&#160;&#160;((<a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>)0x0101)</td>
169 </tr>
170 </table>
171</div><div class="memdoc">
172<p>A secret input for key derivation.</p>
173<p>This must be a key of type <a class="el" href="group__crypto__types.html#gae871b2357b8593f33bfd51abbf93ebb1">PSA_KEY_TYPE_DERIVE</a>. </p>
174
175</div>
176</div>
177<h2 class="groupheader">Function Documentation</h2>
178<a class="anchor" id="ga2c7fe304cacc141ffb91553548abc5d2"></a>
179<div class="memitem">
180<div class="memproto">
181 <table class="memname">
182 <tr>
183 <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_agreement </td>
184 <td>(</td>
185 <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
186 <td class="paramname"><em>generator</em>, </td>
187 </tr>
188 <tr>
189 <td class="paramkey"></td>
190 <td></td>
191 <td class="paramtype"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>&#160;</td>
192 <td class="paramname"><em>step</em>, </td>
193 </tr>
194 <tr>
195 <td class="paramkey"></td>
196 <td></td>
197 <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
198 <td class="paramname"><em>private_key</em>, </td>
199 </tr>
200 <tr>
201 <td class="paramkey"></td>
202 <td></td>
203 <td class="paramtype">const uint8_t *&#160;</td>
204 <td class="paramname"><em>peer_key</em>, </td>
205 </tr>
206 <tr>
207 <td class="paramkey"></td>
208 <td></td>
209 <td class="paramtype">size_t&#160;</td>
210 <td class="paramname"><em>peer_key_length</em>&#160;</td>
211 </tr>
212 <tr>
213 <td></td>
214 <td>)</td>
215 <td></td><td></td>
216 </tr>
217 </table>
218</div><div class="memdoc">
219<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
220<p>A key agreement algorithm takes two inputs: a private key <code>private_key</code> a public key <code>peer_key</code>. The result of this function is passed as input to a key derivation. The output of this key derivation can be extracted by reading from the resulting generator to produce keys and other cryptographic material.</p>
221<dl class="params"><dt>Parameters</dt><dd>
222 <table class="params">
Gilles Peskine45adc5b2019-03-05 16:34:20 +0100[diff] [blame^]223 <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to use. It must have been set up with <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup()</a> with a key agreement and derivation algorithm <code>alg</code> (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#ga59753742cb06553bd22751bbef472b6f">PSA_ALG_IS_KEY_AGREEMENT</a>(<code>alg</code>) is true and <a class="el" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(<code>alg</code>) is false). The generator must be ready for an input of the type given by <code>step</code>. </td></tr>
Gilles Peskine89f0a532019-01-31 11:47:57 +0100[diff] [blame]224 <tr><td class="paramdir"></td><td class="paramname">step</td><td>Which step the input data is for. </td></tr>
225 <tr><td class="paramdir"></td><td class="paramname">private_key</td><td>Handle to the private key to use. </td></tr>
Gilles Peskine45adc5b2019-03-05 16:34:20 +0100[diff] [blame^]226 <tr><td class="paramdir">[in]</td><td class="paramname">peer_key</td><td>Public key of the peer. The peer key must be in the same format that <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key()</a> accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key</a>(<code>internal_public_key_handle</code>, <a class="el" href="group__crypto__types.html#gace08e46dd7cbf642d50d982a25d02bec">PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR</a>(<code>private_key_type</code>), <code>peer_key</code>, <code>peer_key_length</code>) where <code>private_key_type</code> is the type of <code>private_key</code>. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a>. </td></tr>
Gilles Peskine89f0a532019-01-31 11:47:57 +0100[diff] [blame]227 <tr><td class="paramdir"></td><td class="paramname">peer_key_length</td><td>Size of <code>peer_key</code> in bytes.</td></tr>
228 </table>
229 </dd>
230</dl>
231<dl class="retval"><dt>Return values</dt><dd>
232 <table class="retval">
233 <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
234 <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
235 <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
236 <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
237 <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>private_key</code> is not compatible with <code>alg</code>, or <code>peer_key</code> is not valid for <code>alg</code> or not compatible with <code>private_key</code>. </td></tr>
238 <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a key derivation algorithm. </td></tr>
239 <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
240 <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
241 <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
242 <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
243 </table>
244 </dd>
245</dl>
246
247</div>
248</div>
249<a class="anchor" id="gaf1b12eff66a1a0020b5bdc8d0e910006"></a>
250<div class="memitem">
251<div class="memproto">
252 <table class="memname">
253 <tr>
254 <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_agreement_raw_shared_secret </td>
255 <td>(</td>
256 <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
257 <td class="paramname"><em>alg</em>, </td>
258 </tr>
259 <tr>
260 <td class="paramkey"></td>
261 <td></td>
262 <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
263 <td class="paramname"><em>private_key</em>, </td>
264 </tr>
265 <tr>
266 <td class="paramkey"></td>
267 <td></td>
268 <td class="paramtype">const uint8_t *&#160;</td>
269 <td class="paramname"><em>peer_key</em>, </td>
270 </tr>
271 <tr>
272 <td class="paramkey"></td>
273 <td></td>
274 <td class="paramtype">size_t&#160;</td>
275 <td class="paramname"><em>peer_key_length</em>, </td>
276 </tr>
277 <tr>
278 <td class="paramkey"></td>
279 <td></td>
280 <td class="paramtype">uint8_t *&#160;</td>
281 <td class="paramname"><em>output</em>, </td>
282 </tr>
283 <tr>
284 <td class="paramkey"></td>
285 <td></td>
286 <td class="paramtype">size_t&#160;</td>
287 <td class="paramname"><em>output_size</em>, </td>
288 </tr>
289 <tr>
290 <td class="paramkey"></td>
291 <td></td>
292 <td class="paramtype">size_t *&#160;</td>
293 <td class="paramname"><em>output_length</em>&#160;</td>
294 </tr>
295 <tr>
296 <td></td>
297 <td>)</td>
298 <td></td><td></td>
299 </tr>
300 </table>
301</div><div class="memdoc">
302<p>Perform a key agreement and use the shared secret as input to a key derivation.</p>
303<p>A key agreement algorithm takes two inputs: a private key <code>private_key</code> a public key <code>peer_key</code>.</p>
304<dl class="section warning"><dt>Warning</dt><dd>The raw result of a key agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should not be used directly as key material. It should instead be passed as input to a key derivation algorithm. To chain a key agreement with a key derivation, use <a class="el" href="group__derivation.html#ga2c7fe304cacc141ffb91553548abc5d2">psa_key_agreement()</a> and other functions from the key derivation and generator interface.</dd></dl>
305<dl class="params"><dt>Parameters</dt><dd>
306 <table class="params">
Gilles Peskine45adc5b2019-03-05 16:34:20 +0100[diff] [blame^]307 <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The key agreement algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaa40ab362ce141ce541d69b2eb1f41438">PSA_ALG_IS_RAW_KEY_AGREEMENT</a>(<code>alg</code>) is true). </td></tr>
Gilles Peskine89f0a532019-01-31 11:47:57 +0100[diff] [blame]308 <tr><td class="paramdir"></td><td class="paramname">private_key</td><td>Handle to the private key to use. </td></tr>
309 <tr><td class="paramdir">[in]</td><td class="paramname">peer_key</td><td>Public key of the peer. It must be in the same format that <a class="el" href="group__import__export.html#gac9f999cb4d098663d56095afe81a453a" title="Import a key in binary format. ">psa_import_key()</a> accepts. The standard formats for public keys are documented in the documentation of <a class="el" href="group__import__export.html#gad760d1f0d4e60972c78cbb4c8a528256" title="Export a public key or the public part of a key pair in binary format. ">psa_export_public_key()</a>. </td></tr>
310 <tr><td class="paramdir"></td><td class="paramname">peer_key_length</td><td>Size of <code>peer_key</code> in bytes. </td></tr>
311 <tr><td class="paramdir">[out]</td><td class="paramname">output</td><td>Buffer where the decrypted message is to be written. </td></tr>
312 <tr><td class="paramdir"></td><td class="paramname">output_size</td><td>Size of the <code>output</code> buffer in bytes. </td></tr>
313 <tr><td class="paramdir">[out]</td><td class="paramname">output_length</td><td>On success, the number of bytes that make up the returned output.</td></tr>
314 </table>
315 </dd>
316</dl>
317<dl class="retval"><dt>Return values</dt><dd>
318 <table class="retval">
319 <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
320 <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
321 <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
322 <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
323 <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>alg</code> is not a key agreement algorithm </td></tr>
324 <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>private_key</code> is not compatible with <code>alg</code>, or <code>peer_key</code> is not valid for <code>alg</code> or not compatible with <code>private_key</code>. </td></tr>
325 <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not a supported key agreement algorithm. </td></tr>
326 <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
327 <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
328 <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
329 <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
330 </table>
331 </dd>
332</dl>
333
334</div>
335</div>
336<a class="anchor" id="ga1b30e888db65c71f5337900848e1b03f"></a>
337<div class="memitem">
338<div class="memproto">
339 <table class="memname">
340 <tr>
341 <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_derivation_input_bytes </td>
342 <td>(</td>
343 <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
344 <td class="paramname"><em>generator</em>, </td>
345 </tr>
346 <tr>
347 <td class="paramkey"></td>
348 <td></td>
349 <td class="paramtype"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>&#160;</td>
350 <td class="paramname"><em>step</em>, </td>
351 </tr>
352 <tr>
353 <td class="paramkey"></td>
354 <td></td>
355 <td class="paramtype">const uint8_t *&#160;</td>
356 <td class="paramname"><em>data</em>, </td>
357 </tr>
358 <tr>
359 <td class="paramkey"></td>
360 <td></td>
361 <td class="paramtype">size_t&#160;</td>
362 <td class="paramname"><em>data_length</em>&#160;</td>
363 </tr>
364 <tr>
365 <td></td>
366 <td>)</td>
367 <td></td><td></td>
368 </tr>
369 </table>
370</div><div class="memdoc">
371<p>Provide an input for key derivation or key agreement.</p>
372<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
373<p>This function passes direct inputs. Some inputs must be passed as keys using <a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key()</a> instead of this function. Refer to the documentation of individual step types for information.</p>
374<dl class="params"><dt>Parameters</dt><dd>
375 <table class="params">
376 <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to use. It must have been set up with <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup()</a> and must not have produced any output yet. </td></tr>
377 <tr><td class="paramdir"></td><td class="paramname">step</td><td>Which step the input data is for. </td></tr>
378 <tr><td class="paramdir">[in]</td><td class="paramname">data</td><td>Input data to use. </td></tr>
379 <tr><td class="paramdir"></td><td class="paramname">data_length</td><td>Size of the <code>data</code> buffer in bytes.</td></tr>
380 </table>
381 </dd>
382</dl>
383<dl class="retval"><dt>Return values</dt><dd>
384 <table class="retval">
385 <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
386 <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>step</code> is not compatible with the generator's algorithm. </td></tr>
387 <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>step</code> does not allow direct inputs. </td></tr>
388 <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
389 <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
390 <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
391 <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
392 <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The value of <code>step</code> is not valid given the state of <code>generator</code>. </td></tr>
393 <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
394 </table>
395 </dd>
396</dl>
397
398</div>
399</div>
400<a class="anchor" id="ga9e5f549aa1f6f3863a07008d3d98f91a"></a>
401<div class="memitem">
402<div class="memproto">
403 <table class="memname">
404 <tr>
405 <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_derivation_input_key </td>
406 <td>(</td>
407 <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
408 <td class="paramname"><em>generator</em>, </td>
409 </tr>
410 <tr>
411 <td class="paramkey"></td>
412 <td></td>
413 <td class="paramtype"><a class="el" href="group__derivation.html#gaac4eeacd36596c548b3a48fc06c5048b">psa_key_derivation_step_t</a>&#160;</td>
414 <td class="paramname"><em>step</em>, </td>
415 </tr>
416 <tr>
417 <td class="paramkey"></td>
418 <td></td>
419 <td class="paramtype"><a class="el" href="group__platform.html#gabf6d5fd4e2ea89ecd425c88f057e7f75">psa_key_handle_t</a>&#160;</td>
420 <td class="paramname"><em>handle</em>&#160;</td>
421 </tr>
422 <tr>
423 <td></td>
424 <td>)</td>
425 <td></td><td></td>
426 </tr>
427 </table>
428</div><div class="memdoc">
429<p>Provide an input for key derivation in the form of a key.</p>
430<p>Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.</p>
431<p>This function passes key inputs. Some inputs must be passed as keys of the appropriate type using this function, while others must be passed as direct inputs using <a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes()</a>. Refer to the documentation of individual step types for information.</p>
432<dl class="params"><dt>Parameters</dt><dd>
433 <table class="params">
434 <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to use. It must have been set up with <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup()</a> and must not have produced any output yet. </td></tr>
435 <tr><td class="paramdir"></td><td class="paramname">step</td><td>Which step the input data is for. </td></tr>
436 <tr><td class="paramdir"></td><td class="paramname">handle</td><td>Handle to the key. It must have an appropriate type for <code>step</code> and must allow the usage <a class="el" href="group__policy.html#gaf19022acc5ef23cf12477f632b48a0b2">PSA_KEY_USAGE_DERIVE</a>.</td></tr>
437 </table>
438 </dd>
439</dl>
440<dl class="retval"><dt>Return values</dt><dd>
441 <table class="retval">
442 <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
443 <tr><td class="paramname"><a class="el" href="group__error.html#gadf22718935657c2c3168c228204085f9">PSA_ERROR_INVALID_HANDLE</a></td><td></td></tr>
444 <tr><td class="paramname"><a class="el" href="group__error.html#gaba00e3e6ceb2b12965a81e5ac02ae040">PSA_ERROR_EMPTY_SLOT</a></td><td></td></tr>
445 <tr><td class="paramname"><a class="el" href="group__error.html#ga4d1b8dd8526177a15a210b7afc1accb1">PSA_ERROR_NOT_PERMITTED</a></td><td></td></tr>
446 <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>step</code> is not compatible with the generator's algorithm. </td></tr>
447 <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>step</code> does not allow key inputs. </td></tr>
448 <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
449 <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
450 <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
451 <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
452 <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The value of <code>step</code> is not valid given the state of <code>generator</code>. </td></tr>
453 <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td>The library has not been previously initialized by <a class="el" href="group__initialization.html#ga2de150803fc2f7dc6101d5af7e921dd9" title="Library initialization. ">psa_crypto_init()</a>. It is implementation-dependent whether a failure to initialize results in this error code. </td></tr>
454 </table>
455 </dd>
456</dl>
457
458</div>
459</div>
460<a class="anchor" id="ga1825696be813dfac2b8d3d02717e71c5"></a>
461<div class="memitem">
462<div class="memproto">
463 <table class="memname">
464 <tr>
465 <td class="memname"><a class="el" href="group__error.html#ga05676e70ba5c6a7565aff3c36677c1f9">psa_status_t</a> psa_key_derivation_setup </td>
466 <td>(</td>
467 <td class="paramtype"><a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a> *&#160;</td>
468 <td class="paramname"><em>generator</em>, </td>
469 </tr>
470 <tr>
471 <td class="paramkey"></td>
472 <td></td>
473 <td class="paramtype"><a class="el" href="group__crypto__types.html#gac2e4d47f1300d73c2f829a6d99252d69">psa_algorithm_t</a>&#160;</td>
474 <td class="paramname"><em>alg</em>&#160;</td>
475 </tr>
476 <tr>
477 <td></td>
478 <td>)</td>
479 <td></td><td></td>
480 </tr>
481 </table>
482</div><div class="memdoc">
483<p>Set up a key derivation operation.</p>
484<p>A key derivation algorithm takes some inputs and uses them to create a byte generator which can be used to produce keys and other cryptographic material.</p>
485<p>To use a generator for key derivation:</p><ul>
486<li>Start with an initialized object of type <a class="el" href="group__generators.html#ga1f894c4fba202ef8e307d72caf489e3b">psa_crypto_generator_t</a>.</li>
487<li>Call <a class="el" href="group__derivation.html#ga1825696be813dfac2b8d3d02717e71c5">psa_key_derivation_setup()</a> to select the algorithm.</li>
488<li>Provide the inputs for the key derivation by calling <a class="el" href="group__derivation.html#ga1b30e888db65c71f5337900848e1b03f">psa_key_derivation_input_bytes()</a> or <a class="el" href="group__derivation.html#ga9e5f549aa1f6f3863a07008d3d98f91a">psa_key_derivation_input_key()</a> as appropriate. Which inputs are needed, in what order, and whether they may be keys and if so of what type depends on the algorithm.</li>
489<li>Optionally set the generator's maximum capacity with <a class="el" href="group__generators.html#ga45676ec3c719622f95caaf926f44bb6e">psa_set_generator_capacity()</a>. You may do this before, in the middle of or after providing inputs. For some algorithms, this step is mandatory because the output depends on the maximum capacity.</li>
490<li>Generate output with <a class="el" href="group__generators.html#gab5712ad29b78c2b170e64cc5bcfc1bce">psa_generator_read()</a> or <a class="el" href="group__generators.html#ga7fcdf07cd37279ca167db484053da894">psa_generator_import_key()</a>. Successive calls to these functions use successive output bytes from the generator.</li>
491<li>Clean up the generator object with <a class="el" href="group__generators.html#ga563ca64537d90368899286b36d8cf7f3">psa_generator_abort()</a>.</li>
492</ul>
493<dl class="params"><dt>Parameters</dt><dd>
494 <table class="params">
495 <tr><td class="paramdir">[in,out]</td><td class="paramname">generator</td><td>The generator object to set up. It must have been initialized but not set up yet. </td></tr>
496 <tr><td class="paramdir"></td><td class="paramname">alg</td><td>The key derivation algorithm to compute (<code>PSA_ALG_XXX</code> value such that <a class="el" href="group__crypto__types.html#gaf8b90c648aa53dbd06c236695e300cd0">PSA_ALG_IS_KEY_DERIVATION</a>(<code>alg</code>) is true).</td></tr>
497 </table>
498 </dd>
499</dl>
500<dl class="retval"><dt>Return values</dt><dd>
501 <table class="retval">
502 <tr><td class="paramname"><a class="el" href="group__error.html#ga4cc859e2c66ca381c7418db3527a65e1">PSA_SUCCESS</a></td><td>Success. </td></tr>
503 <tr><td class="paramname"><a class="el" href="group__error.html#ga798df25a505ebf931f7bec1f80f1f85f">PSA_ERROR_INVALID_ARGUMENT</a></td><td><code>alg</code> is not a key derivation algorithm. </td></tr>
504 <tr><td class="paramname"><a class="el" href="group__error.html#ga1dcc6d130633ed5db8942257581b55dd">PSA_ERROR_NOT_SUPPORTED</a></td><td><code>alg</code> is not supported or is not a key derivation algorithm. </td></tr>
505 <tr><td class="paramname"><a class="el" href="group__error.html#ga91b2ad8a867517a2651f1b076c5216e5">PSA_ERROR_INSUFFICIENT_MEMORY</a></td><td></td></tr>
506 <tr><td class="paramname"><a class="el" href="group__error.html#ga5cdb6948371d49e916106249020ea3f7">PSA_ERROR_COMMUNICATION_FAILURE</a></td><td></td></tr>
507 <tr><td class="paramname"><a class="el" href="group__error.html#ga08b10e70fa5ff0b05c631d9f8f6b2c6b">PSA_ERROR_HARDWARE_FAILURE</a></td><td></td></tr>
508 <tr><td class="paramname"><a class="el" href="group__error.html#ga2c5dda1485cb54f2385cb9c1279a7004">PSA_ERROR_TAMPERING_DETECTED</a></td><td></td></tr>
509 <tr><td class="paramname"><a class="el" href="group__error.html#ga933d40fa2a591004f2e93aa91e11db84">PSA_ERROR_BAD_STATE</a></td><td></td></tr>
510 </table>
511 </dd>
512</dl>
513
514</div>
515</div>
516</div><!-- contents -->
517<!-- start footer part -->
518<hr class="footer"/><address class="footer"><small>
519Generated by &#160;<a href="http://www.doxygen.org/index.html">
520<img class="footer" src="doxygen.png" alt="doxygen"/>
521</a> 1.8.11
522</small></address>
523</body>
524</html>