224b0d656a
Allow a direct input as the SECRET input step in a key derivation, in addition to allowing DERIVE keys. This makes it easier for applications to run a key derivation where the "secret" input is obtained from somewhere else. This makes it possible for the "secret" input to be empty (keys cannot be empty), which some protocols do (for example the IV derivation in EAP-TLS). Conversely, allow a RAW_DATA key as the INFO/LABEL/SALT/SEED input to a key derivation, in addition to allowing direct inputs. This doesn't improve security, but removes a step when a personalization parameter is stored in the key store, and allows this personalization parameter to remain opaque. Add test cases that explore step/key-type-and-keyhood combinations. |
||
---|---|---|
.. | ||
crypto.h | ||
crypto_accel_driver.h | ||
crypto_driver_common.h | ||
crypto_entropy_driver.h | ||
crypto_extra.h | ||
crypto_platform.h | ||
crypto_se_driver.h | ||
crypto_sizes.h | ||
crypto_struct.h | ||
crypto_types.h | ||
crypto_values.h |