From 730f62a80ac675407359e28d4d887d4d90bffaec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 5 May 2021 10:05:06 +0200
Subject: [PATCH] Clarify the case of direct inputs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Now use the same description for INPUT_SECRET and INPUT_PASSWORD too.

Signed-off-by: Manuel Pégourié-Gonnard
---
 include/psa/crypto_values.h | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 0f156a80f..f7d83020b 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -2267,10 +2267,11 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
 *
 * The secret can also be a direct input (passed to
 * key_derivation_input_bytes()). In this case, the derivation operation
- * may not be used to derive keys: the operation will only allow
+ * may not be used to derive or verify keys: the operation will only allow
 * psa_key_derivation_output_bytes() or
- * psa_key_derivation_verify_xxx() but not
- * psa_key_derivation_output_key().
+ * psa_key_derivation_verify_bytes() but not
+ * psa_key_derivation_output_key() or
+ * psa_key_derivation_verify_key().
 */
 #define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
 
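Review bot: "may not be used to derive or verify keys" in the INPUT_SECRET comment can be read as "might not", while the rest of the sentence states a hard restriction on which output and verify calls the operation accepts after a direct input. I would write `* cannot be used to derive or verify keys: the operation will only allow`. The commit message says INPUT_SECRET and INPUT_PASSWORD now share one description, yet this block joins the allowed and disallowed calls with "but not" and the INPUT_PASSWORD block with ", not". Picking one form keeps the two paragraphs identical. The comment block starts above the hunk.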
@@ -2282,9 +2283,13 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
 * also be high-entropy secret such as a key of type #PSA_KEY_TYPE_DERIVE or
 * the shared secret resulting from a key agreement.
 *
- * If the secret is a direct input, the derivation operation
- * may not be used to derive keys: the operation will only allow
- * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key().
+ * The secret can also be a direct input (passed to
+ * key_derivation_input_bytes()). In this case, the derivation operation
+ * may not be used to derive or verify keys: the operation will only allow
+ * psa_key_derivation_output_bytes() or
+ * psa_key_derivation_verify_bytes(), not
+ * psa_key_derivation_output_key() or
+ * psa_key_derivation_verify_key().
 */
 #define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102)
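Review bot: The added line `* key_derivation_input_bytes()). In this case, the derivation operation` names the function without its `psa_` prefix, unlike every other call in the paragraph, so a reader searching the header will not land on `psa_key_derivation_input_bytes()`. Suggest `* psa_key_derivation_input_bytes()). In this case, the derivation operation`. The INPUT_SECRET block in the previous hunk carries the same spelling on an unchanged context line and could be fixed in the same pass. Because this paragraph tells callers that a directly supplied password can never produce or be checked against a key object, it would also help to say how psa_key_derivation_output_key() and psa_key_derivation_verify_key() report that case. The hunk does not show it.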