Rename psa_pake_set_password_mhf()

This step is not necessarily a memory-hard function. Memory-hard
functions are the best of the breed at the moment, but that's due to
current hardware designs, and CPU-hard-but-not-memory-hard functions
like PBKDF2 are acceptable as well. We're using “key stretching” as the
generic term for such functions.

Signed-off-by: Janos Follath <janos.follath@arm.com>
Janos Follath 2021-05-24 12:20:12 +01:00
parent 3ae6696811
commit d416838ffd

@ -4328,7 +4328,7 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
* psa_pake_input() has been called yet). It must * psa_pake_input() has been called yet). It must
* be on operation for which the password hasn't * be on operation for which the password hasn't
* been set yet (neither * been set yet (neither
* psa_pake_set_password_mhf() nor * psa_pake_set_password_stretch() nor
* psa_pake_set_password_key() has been called * psa_pake_set_password_key() has been called
* yet). * yet).
* \param password Identifier of the key holding the password or a * \param password Identifier of the key holding the password or a
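Review bot: In the precondition text just above the renamed reference, "It must be on operation for which the password hasn't been set yet" reads as a typo for "an operation". Since this paragraph is already being touched for the rename, fix it here and in the identical sentence in the psa_pake_set_password_stretch() parameter description further down.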
@ -4359,11 +4359,11 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
mbedtls_svc_key_id_t password); mbedtls_svc_key_id_t password);
/** Set the password for a password-authenticated key exchange via a memory hard /** Set the password for a password-authenticated key exchange via a key
* function. * stretching function.
* *
* Some protocols require using values derived from passwords via memory hard * Some protocols use values derived from passwords via key stretching
* functions to mitigate dictionary attacks. Memory hard functions can be * functions to mitigate dictionary attacks. Key stretching functions can be
* accessed through the key derivation interface and the result can be supplied * accessed through the key derivation interface and the result can be supplied
* to the PAKE operation in the form of a key derivation object. * to the PAKE operation in the form of a key derivation object.
* *
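Review bot: The new brief and first paragraph use "key stretching function" without saying what counts as one. The commit message explains that the term covers both memory-hard functions and CPU-hard ones such as PBKDF2, but a reader of the header never sees the commit log. Suggest one sentence in this comment defining the term along those lines, so callers know which kinds of key derivation operation are expected to feed this call.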
@ -4383,7 +4383,7 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
* nor psa_pake_input() has been called yet). It * nor psa_pake_input() has been called yet). It
* must be on operation for which the password * must be on operation for which the password
* hasn't been set yet (neither * hasn't been set yet (neither
* psa_pake_set_password_mhf() nor * psa_pake_set_password_stretch() nor
* psa_pake_set_password_key() has been called * psa_pake_set_password_key() has been called
* yet). * yet).
* \param[in,out] key_derivation An ongoing key derivation operation set up * \param[in,out] key_derivation An ongoing key derivation operation set up
@ -4412,9 +4412,11 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
* It is implementation-dependent whether a failure to initialize * It is implementation-dependent whether a failure to initialize
* results in this error code. * results in this error code.
*/ */
psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, psa_status_t psa_pake_set_password_stretch(
psa_key_derivation_operation_t *key_derivation, psa_pake_operation_t *operation,
size_t input_length); psa_key_derivation_operation_t *key_derivation,
size_t input_length
);
/** Set the user ID for a password-authenticated key exchange. /** Set the user ID for a password-authenticated key exchange.
* *
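Review bot: The declaration drops psa_pake_set_password_mhf() outright, with no alias or deprecation note in the visible lines, so any caller still using the old name stops building. If that is intended, say so in the commit message; otherwise consider a transitional macro mapping the old name to psa_pake_set_password_stretch(). As a style point, the new layout with ");" on its own line differs from the psa_pake_set_password_key() declaration earlier in this file, which keeps the first parameter on the declaration line.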