Key derivation
Description
Macros |
|
#define | PSA_KEY_DERIVATION_INPUT_SECRET (( psa_key_derivation_step_t )0x0101) |
A secret input for key derivation.
|
|
#define | PSA_KEY_DERIVATION_INPUT_PASSWORD (( psa_key_derivation_step_t )0x0102) |
A low-entropy secret input for password hashing / key stretching.
|
|
#define | PSA_KEY_DERIVATION_INPUT_OTHER_SECRET (( psa_key_derivation_step_t )0x0103) |
A high-entropy additional secret input for key derivation.
|
|
#define | PSA_KEY_DERIVATION_INPUT_LABEL (( psa_key_derivation_step_t )0x0201) |
A label for key derivation.
|
|
#define | PSA_KEY_DERIVATION_INPUT_SALT (( psa_key_derivation_step_t )0x0202) |
A salt for key derivation.
|
|
#define | PSA_KEY_DERIVATION_INPUT_INFO (( psa_key_derivation_step_t )0x0203) |
An information string for key derivation.
|
|
#define | PSA_KEY_DERIVATION_INPUT_SEED (( psa_key_derivation_step_t )0x0204) |
A seed for key derivation.
|
|
#define | PSA_KEY_DERIVATION_INPUT_COST (( psa_key_derivation_step_t )0x0205) |
A cost parameter for password hashing / key stretching.
|
|
Typedefs |
|
typedef uint16_t | psa_key_derivation_step_t |
Encoding of the step of a key derivation.
|
|
Macro Definition Documentation
◆ PSA_KEY_DERIVATION_INPUT_SECRET
#define PSA_KEY_DERIVATION_INPUT_SECRET (( psa_key_derivation_step_t )0x0101) |
A secret input for key derivation.
This should be a key of type PSA_KEY_TYPE_DERIVE (passed to psa_key_derivation_input_key() ) or the shared secret resulting from a key agreement (obtained via psa_key_derivation_key_agreement() ).
The secret can also be a direct input (passed to key_derivation_input_bytes()). In this case, the derivation operation may not be used to derive keys: the operation will only allow psa_key_derivation_output_bytes() , psa_key_derivation_verify_bytes() , or psa_key_derivation_verify_key() , but not psa_key_derivation_output_key() .
◆ PSA_KEY_DERIVATION_INPUT_PASSWORD
#define PSA_KEY_DERIVATION_INPUT_PASSWORD (( psa_key_derivation_step_t )0x0102) |
A low-entropy secret input for password hashing / key stretching.
This is usually a key of type PSA_KEY_TYPE_PASSWORD (passed to psa_key_derivation_input_key() ) or a direct input (passed to psa_key_derivation_input_bytes() ) that is a password or passphrase. It can also be high-entropy secret such as a key of type PSA_KEY_TYPE_DERIVE or the shared secret resulting from a key agreement.
The secret can also be a direct input (passed to key_derivation_input_bytes()). In this case, the derivation operation may not be used to derive keys: the operation will only allow psa_key_derivation_output_bytes() , psa_key_derivation_verify_bytes() , or psa_key_derivation_verify_key() , but not psa_key_derivation_output_key() .
◆ PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
#define PSA_KEY_DERIVATION_INPUT_OTHER_SECRET (( psa_key_derivation_step_t )0x0103) |
A high-entropy additional secret input for key derivation.
This is typically the shared secret resulting from a key agreement obtained via
psa_key_derivation_key_agreement()
. It may alternatively be a key of type
PSA_KEY_TYPE_DERIVE
passed to
psa_key_derivation_input_key()
, or a direct input passed to
psa_key_derivation_input_bytes()
.
◆ PSA_KEY_DERIVATION_INPUT_LABEL
#define PSA_KEY_DERIVATION_INPUT_LABEL (( psa_key_derivation_step_t )0x0201) |
A label for key derivation.
This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA .
◆ PSA_KEY_DERIVATION_INPUT_SALT
#define PSA_KEY_DERIVATION_INPUT_SALT (( psa_key_derivation_step_t )0x0202) |
A salt for key derivation.
This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA or PSA_KEY_TYPE_PEPPER .
◆ PSA_KEY_DERIVATION_INPUT_INFO
#define PSA_KEY_DERIVATION_INPUT_INFO (( psa_key_derivation_step_t )0x0203) |
An information string for key derivation.
This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA .
◆ PSA_KEY_DERIVATION_INPUT_SEED
#define PSA_KEY_DERIVATION_INPUT_SEED (( psa_key_derivation_step_t )0x0204) |
A seed for key derivation.
This should be a direct input. It can also be a key of type PSA_KEY_TYPE_RAW_DATA .
◆ PSA_KEY_DERIVATION_INPUT_COST
#define PSA_KEY_DERIVATION_INPUT_COST (( psa_key_derivation_step_t )0x0205) |
A cost parameter for password hashing / key stretching.
This must be a direct input, passed to psa_key_derivation_input_integer() .
Typedef Documentation
◆ psa_key_derivation_step_t
typedef uint16_t psa_key_derivation_step_t |
Encoding of the step of a key derivation.
Values of this type are generally constructed by macros called
PSA_KEY_DERIVATION_INPUT_xxx
.