Add new key type PASSWORD_HASH
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index da2a15c..074893f 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3536,7 +3536,8 @@
* - #PSA_KEY_TYPE_ARC4;
* - #PSA_KEY_TYPE_CAMELLIA;
* - #PSA_KEY_TYPE_DERIVE;
- * - #PSA_KEY_TYPE_HMAC.
+ * - #PSA_KEY_TYPE_HMAC;
+ * - #PSA_KEY_TYPE_PASSWORD_HASH.
*
* - For ECC keys on a Montgomery elliptic curve
* (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
@@ -3722,12 +3723,13 @@
* psa_key_derivation_abort().
*
* \param[in,out] operation The key derivation operation object to read from.
- * \param[in] expected A key of type #PSA_KEY_TYPE_RAW_DATA containing
- * the expected output. Its policy must include the
- * #PSA_KEY_USAGE_VERIFY_DERIVATION flag and the
- * permitted algorithm must match the operation.
- * The value of this key was likely computed by a
- * previous call to psa_key_derivation_output_key().
+ * \param[in] expected A key of type #PSA_KEY_TYPE_PASSWORD_HASH
+ * containing the expected output. Its policy must
+ * include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag
+ * and the permitted algorithm must match the
+ * operation. The value of this key was likely
+ * computed by a previous call to
+ * psa_key_derivation_output_key().
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_SIGNATURE
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index faccaf6..917a0a2 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -443,12 +443,20 @@
*/
#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203)
+/** A secret value that can be used to verify a password hash.
+ *
+ * The key policy determines which key derivation algorithm the key
+ * can be used for, among the same permissible subset as for
+ * #PSA_KEY_TYPE_PASSWORD.
+ */
+#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t)0x1205)
+
/** A secret value that can be used in when computing a password hash.
*
* The key policy determines which key derivation algorithm the key
* can be used for, among the subset of algorithms that can use pepper.
*/
-#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1205)
+#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1206)
/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
*
@@ -2204,7 +2212,7 @@
*
* This flag allows the key to be used:
*
- * - for a key of type #PSA_KEY_TYPE_RAW_DATA, as the \c key argument of
+ * - for a key of type #PSA_KEY_TYPE_PASSWORD_HASH, as the \c key argument of
* psa_key_derivation_verify_key();
* - for a key of type #PSA_KEY_TYPE_PASSWORD (or #PSA_KEY_TYPE_DERIVE), as
* the input to psa_key_derivation_input_key() at the step