Key derivation

Description

Macros

#define PSA_KEY_DERIVATION_INPUT_SECRET (( psa_key_derivation_step_t )0x0101)
A secret input for key derivation.
#define PSA_KEY_DERIVATION_INPUT_PASSWORD (( psa_key_derivation_step_t )0x0102)
A low-entropy secret input for password hashing / key stretching.
#define PSA_KEY_DERIVATION_INPUT_OTHER_SECRET (( psa_key_derivation_step_t )0x0103)
A high-entropy additional secret input for key derivation.
#define PSA_KEY_DERIVATION_INPUT_LABEL (( psa_key_derivation_step_t )0x0201)
A label for key derivation.
#define PSA_KEY_DERIVATION_INPUT_SALT (( psa_key_derivation_step_t )0x0202)
A salt for key derivation.
#define PSA_KEY_DERIVATION_INPUT_INFO (( psa_key_derivation_step_t )0x0203)
An information string for key derivation.
#define PSA_KEY_DERIVATION_INPUT_SEED (( psa_key_derivation_step_t )0x0204)
A seed for key derivation.
#define PSA_KEY_DERIVATION_INPUT_COST (( psa_key_derivation_step_t )0x0205)
A cost parameter for password hashing / key stretching.

Typedefs

typedef uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.

Macro Definition Documentation

PSA_KEY_DERIVATION_INPUT_SECRET

#define PSA_KEY_DERIVATION_INPUT_SECRET   (( psa_key_derivation_step_t )0x0101)

A secret input for key derivation.

This should be a key of type PSA_KEY_TYPE_DERIVE (passed to psa_key_derivation_input_key() ) or the shared secret resulting from a key agreement (obtained via psa_key_derivation_key_agreement() ).

The secret can also be a direct input (passed to key_derivation_input_bytes()). In this case, the derivation operation may not be used to derive keys: the operation will only allow psa_key_derivation_output_bytes() , psa_key_derivation_verify_bytes() , or psa_key_derivation_verify_key() , but not psa_key_derivation_output_key() .

PSA_KEY_DERIVATION_INPUT_PASSWORD

#define PSA_KEY_DERIVATION_INPUT_PASSWORD   (( psa_key_derivation_step_t )0x0102)

A low-entropy secret input for password hashing / key stretching.

This is usually a key of type PSA_KEY_TYPE_PASSWORD (passed to psa_key_derivation_input_key() ) or a direct input (passed to psa_key_derivation_input_bytes() ) that is a password or passphrase. It can also be high-entropy secret such as a key of type PSA_KEY_TYPE_DERIVE or the shared secret resulting from a key agreement.

The secret can also be a direct input (passed to key_derivation_input_bytes()). In this case, the derivation operation may not be used to derive keys: the operation will only allow psa_key_derivation_output_bytes() , psa_key_derivation_verify_bytes() , or psa_key_derivation_verify_key() , but not psa_key_derivation_output_key() .

PSA_KEY_DERIVATION_INPUT_OTHER_SECRET

#define PSA_KEY_DERIVATION_INPUT_OTHER_SECRET   (( psa_key_derivation_step_t )0x0103)

A high-entropy additional secret input for key derivation.

This is typically the shared secret resulting from a key agreement obtained via psa_key_derivation_key_agreement() . It may alternatively be a key of type PSA_KEY_TYPE_DERIVE passed to psa_key_derivation_input_key() , or a direct input passed to psa_key_derivation_input_bytes() .

PSA_KEY_DERIVATION_INPUT_LABEL

#define PSA_KEY_DERIVATION_INPUT_LABEL   (( psa_key_derivation_step_t )0x0201)

A label for key derivation.

This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA .

PSA_KEY_DERIVATION_INPUT_SALT

#define PSA_KEY_DERIVATION_INPUT_SALT   (( psa_key_derivation_step_t )0x0202)

A salt for key derivation.

This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA or PSA_KEY_TYPE_PEPPER .

PSA_KEY_DERIVATION_INPUT_INFO

#define PSA_KEY_DERIVATION_INPUT_INFO   (( psa_key_derivation_step_t )0x0203)

An information string for key derivation.

This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA .

PSA_KEY_DERIVATION_INPUT_SEED

#define PSA_KEY_DERIVATION_INPUT_SEED   (( psa_key_derivation_step_t )0x0204)

A seed for key derivation.

This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA .

PSA_KEY_DERIVATION_INPUT_COST

#define PSA_KEY_DERIVATION_INPUT_COST   (( psa_key_derivation_step_t )0x0205)

A cost parameter for password hashing / key stretching.

This must be a direct input, passed to psa_key_derivation_input_integer() .

Typedef Documentation

psa_key_derivation_step_t

Encoding of the step of a key derivation.

Values of this type are generally constructed by macros called PSA_KEY_DERIVATION_INPUT_xxx .