Function esp_idf_svc::hal::sys::psa_key_derivation_input_key

source ·
pub unsafe extern "C" fn psa_key_derivation_input_key(
    operation: *mut psa_key_derivation_s,
    step: u16,
    key: u32,
) -> i32
Expand description

Provide an input for key derivation in the form of a key.

Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.

This function obtains input from a key object, which is usually correct for secret inputs or for non-secret personalization strings kept in the key store. To pass a non-secret parameter which is not in the key store, call psa_key_derivation_input_bytes() instead of this function. Refer to the documentation of individual step types (PSA_KEY_DERIVATION_INPUT_xxx values of type ::psa_key_derivation_step_t) for more information.

If this function returns an error status, the operation enters an error state and must be aborted by calling psa_key_derivation_abort().

\param[in,out] operation The key derivation operation object to use. It must have been set up with psa_key_derivation_setup() and must not have produced any output yet. \param step Which step the input data is for. \param key Identifier of the key. It must have an appropriate type for step and must allow the usage #PSA_KEY_USAGE_DERIVE or #PSA_KEY_USAGE_VERIFY_DERIVATION (see note) and the algorithm used by the operation.

\note Once all inputs steps are completed, the operations will allow:

  • psa_key_derivation_output_bytes() if each input was either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
  • psa_key_derivation_output_key() or psa_key_derivation_output_key_ext() if the input for step #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
  • psa_key_derivation_verify_bytes() if each input was either a direct input or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set;
  • psa_key_derivation_verify_key() under the same conditions as psa_key_derivation_verify_bytes().

\retval #PSA_SUCCESS Success. \retval #PSA_ERROR_INVALID_HANDLE \emptydescription \retval #PSA_ERROR_NOT_PERMITTED The key allows neither #PSA_KEY_USAGE_DERIVE nor #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn’t allow this algorithm. \retval #PSA_ERROR_INVALID_ARGUMENT \c step is not compatible with the operation’s algorithm, or \c step does not allow key inputs of the given type or does not allow key inputs at all. \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription \retval #PSA_ERROR_BAD_STATE The operation state is not valid for this input \p step, or the library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.