Function esp_idf_svc::sys::psa_pake_get_implicit_key

source ·
pub unsafe extern "C" fn psa_pake_get_implicit_key(
    operation: *mut psa_pake_operation_s,
    output: *mut psa_key_derivation_s,
) -> i32
Expand description

Get implicitly confirmed shared secret from a PAKE.

At this point there is a cryptographic guarantee that only the authenticated party who used the same password is able to compute the key. But there is no guarantee that the peer is the party it claims to be and was able to do so.

That is, the authentication is only implicit. Since the peer is not authenticated yet, no action should be taken yet that assumes that the peer is who it claims to be. For example, do not access restricted files on the peer’s behalf until an explicit authentication has succeeded.

This function can be called after the key exchange phase of the operation has completed. It imports the shared secret output of the PAKE into the provided derivation operation. The input step #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key material in the key derivation operation.

The exact sequence of calls to perform a password-authenticated key exchange depends on the algorithm in use. Refer to the documentation of individual PAKE algorithm types (PSA_ALG_XXX values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more information.

When this function returns successfully, \p operation becomes inactive. If this function returns an error status, both \p operation and \c key_derivation operations enter an error state and must be aborted by calling psa_pake_abort() and psa_key_derivation_abort() respectively.

\param[in,out] operation Active PAKE operation. \param[out] output A key derivation operation that is ready for an input step of type #PSA_KEY_DERIVATION_INPUT_SECRET.

\retval #PSA_SUCCESS Success. \retval #PSA_ERROR_INVALID_ARGUMENT #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the algorithm in the \p output key derivation operation. \retval #PSA_ERROR_NOT_SUPPORTED Input from a PAKE is not supported by the algorithm in the \p output key derivation operation. \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription \retval #PSA_ERROR_DATA_CORRUPT \emptydescription \retval #PSA_ERROR_DATA_INVALID \emptydescription \retval #PSA_ERROR_BAD_STATE The PAKE operation state is not valid (it must be active, but beyond that validity is specific to the algorithm), or the library has not been previously initialized by psa_crypto_init(), or the state of \p output is not valid for the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the step is out of order or the application has done this step already and it may not be repeated. It is implementation-dependent whether a failure to initialize results in this error code.