From 759438cfce865317382c321cbc5d36ab285b067b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 20 Apr 2021 11:18:53 +0200
Subject: [PATCH] PSA PBKDF2: add new policies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The documentation references functions that will be introduced in later commits, but hopefully from the naming it's already clear what those function will do.

Signed-off-by: Manuel Pégourié-Gonnard
---
 include/psa/crypto_values.h | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 2c247d068..840be8b6c 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -2097,10 +2097,38 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
  */
 #define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000)
 
-/** Whether the key may be used to derive other keys.
+/** Whether the key may be used to derive other keys or produce a password
+ * hash.
+ *
+ * This flag allows the key to be used as the input of
+ * psa_key_derivation_input_key() at the step
+ * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD
+ * depending on the algorithm, and allows the use of
+ * psa_key_derivation_output_bytes() or psa_key_derivation_output_key()
+ * at the end of the operation.
  */
 #define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
 
+/** Whether the key may be used to produce a password hash and verify it
+ * against an expected value.
+ *
+ * This flag allows the key to be used as the input of
+ * psa_key_derivation_input_key() at the step
+ * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD
+ * depending on the algorithm, and allows the use of
+ * psa_key_derivation_verify_output_bytes() or
+ * psa_key_derivation_verify_output_key() at the end of the operation.
+ */
+#define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERITY ((psa_key_usage_t)0x00008000)
+
+/** Whether the key may be used to as the expected value to which a password
+ * hash will be compared.
+ *
+ * This flag allows key to be used as the \c key argument of
+ * psa_key_derivation_verify_output_key().
+ */
+#define PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER ((psa_key_usage_t)0x00010000)
+
 /**@}*/
 
 /** \defgroup derivation Key derivation
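Review bot: The new public macro `PSA_KEY_USAGE_PASSWORD_HASH_AND_VERITY` looks like a misspelling of VERIFY (its own comment says "produce a password hash and verify it"), and once this header ships the typo becomes part of the API; suggest `#define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERIFY ((psa_key_usage_t)0x00008000)`. In both the `PSA_KEY_USAGE_DERIVE` comment and the new one, "#PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD" presumably should read "or", and the `PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER` comment has a stray "to" in "may be used to as" and a missing article in "allows key". The `PSA_KEY_USAGE_DERIVE` comment now states that the flag permits `psa_key_derivation_output_bytes()`, which means the holder can read out the derived password hash. It would help to say so explicitly, so that a password key meant only to be checked against an expected value is given the verify-only flag and not `PSA_KEY_USAGE_DERIVE`, e.g. `* \note A key that must only be verified against an expected value should not have this flag set.`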