Function esp_idf_sys::psa_key_derivation_verify_key

source ·
pub unsafe extern "C" fn psa_key_derivation_verify_key(
    operation: *mut psa_key_derivation_operation_t,
    expected: psa_key_id_t,
) -> psa_status_t
Expand description

Compare output data from a key derivation operation to an expected value stored in a key object.

This function calculates output bytes from a key derivation algorithm and compares those bytes to an expected value, provided as key of type #PSA_KEY_TYPE_PASSWORD_HASH. If you view the key derivation’s output as a stream of bytes, this function destructively reads the number of bytes corresponding to the length of the expected value from the stream before comparing them. The operation’s capacity decreases by the number of bytes read.

This is functionally equivalent to exporting the key and calling psa_key_derivation_verify_bytes() on the result, except that it works even if the key cannot be exported.

If this function returns an error status other than #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE, the operation enters an error state and must be aborted by calling psa_key_derivation_abort().

\param[in,out] operation The key derivation operation object to read from. \param[in] expected A key of type #PSA_KEY_TYPE_PASSWORD_HASH containing the expected output. Its policy must include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag and the permitted algorithm must match the operation. The value of this key was likely computed by a previous call to psa_key_derivation_output_key().

\retval #PSA_SUCCESS \emptydescription \retval #PSA_ERROR_INVALID_SIGNATURE The output was read successfully, but if differs from the expected output. \retval #PSA_ERROR_INVALID_HANDLE The key passed as the expected value does not exist. \retval #PSA_ERROR_INVALID_ARGUMENT The key passed as the expected value has an invalid type. \retval #PSA_ERROR_NOT_PERMITTED The key passed as the expected value does not allow this usage or this algorithm; or one of the inputs was a key whose policy didn’t allow #PSA_KEY_USAGE_VERIFY_DERIVATION. \retval #PSA_ERROR_INSUFFICIENT_DATA The operation’s capacity was less than the length of the expected value. In this case, the operation’s capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller expected output. \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription \retval #PSA_ERROR_BAD_STATE The operation state is not valid (it must be active and completed all required input steps), or the library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.