mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 15:32:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge verification policies together

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2021-05-03 10:23:12 +02:00
parent d307f63597
commit 9023cacf15
2 changed files with 13 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/psa/crypto.h
View File

@ -3724,7 +3724,7 @@ psa_status_t psa_key_derivation_verify_bytes(
* \param[in,out] operation The key derivation operation object to read from. * \param[in,out] operation The key derivation operation object to read from.
* \param[in] expected A key of type #PSA_KEY_TYPE_RAW_DATA containing * \param[in] expected A key of type #PSA_KEY_TYPE_RAW_DATA containing
* the expected output. Its policy must include the * the expected output. Its policy must include the
* #PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER flag. * #PSA_KEY_USAGE_VERIFY_DERIVATION flag.
* The value of this key was likely computed by a * The value of this key was likely computed by a
* previous call to psa_key_derivation_output_key(). * previous call to psa_key_derivation_output_key().
* *

28
include/psa/crypto_values.h
View File

@ -2199,25 +2199,21 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*/ */
#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000) #define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
/** Whether the key may be used to produce a password hash and verify it /** Whether the key may be used to verify the result of a key derivation,
* against an expected value. * including password hashing.
* *
* This flag allows the key to be used as the input of * This flag allows the key to be used:
* psa_key_derivation_input_key() at the step
* #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD
* depending on the algorithm, and allows the use of
* psa_key_derivation_verify_bytes() or
* psa_key_derivation_verify_key() at the end of the operation.
*/
#define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERIFY ((psa_key_usage_t)0x00008000)
/** Whether the key may be used to as the expected value to which a password
* hash will be compared.
* *
* This flag allows key to be used as the \c key argument of * - for a key of type #PSA_KEY_TYPE_RAW_DATA, as the \c key argument of
* psa_key_derivation_verify_key(). * psa_key_derivation_verify_key();
* - for a key of type #PSA_KEY_TYPE_PASSWORD (or #PSA_KEY_TYPE_DERIVE), as
* the input to psa_key_derivation_input_key() at the step
* #PSA_KEY_DERIVATION_INPUT_PASSWORD (or #PSA_KEY_DERIVATION_INPUT_SECRET);
* then at the end of the operation use of psa_key_derivation_verify_bytes()
* or psa_key_derivation_verify_key() will be permitted (but not
* psa_key_derivation_output_xxx() unless #PSA_KEY_USAGE_DERIVE is set).
*/ */
#define PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER ((psa_key_usage_t)0x00010000) #define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t)0x00008000)
/**@}*/ /**@}*/