Key derivation: forbid output_key without input_key If none of the inputs to a key derivation is a PSA_KEY_DERIVATION_INPUT_SECRET passed with psa_key_derivation_input_key(), forbid psa_key_derivation_output_key(). It usually doesn't make sense to derive a key object if the secret isn't itself a proper key.

commit: 178c9aa96691c2ff9cdd1d194601b6c6353c6a7b [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Tue Sep 24 18:21:06 2019 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Tue Sep 24 18:39:03 2019 +0200
tree: 28cecb3619d44cbd15713785796d9c4a5c421105
parent: 1a2904c49aaf6aab1a2cb54aec7b76720515af96 [diff] [blame]
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 57d0651..6b6a9f8 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h

@@ -1622,7 +1622,11 @@
  * (passed to psa_key_derivation_input_key())
  * or the shared secret resulting from a key agreement
  * (obtained via psa_key_derivation_key_agreement()).
- * It can also be a direct input (passed to key_derivation_input_bytes()).
+ *
+ * The secret can also be a direct input (passed to
+ * key_derivation_input_bytes()). In this case, the derivation operation
+ * may not be used to derive keys: the operation will only allow
+ * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key().
  */
 #define PSA_KEY_DERIVATION_INPUT_SECRET     ((psa_key_derivation_step_t)0x0101)
commit	178c9aa96691c2ff9cdd1d194601b6c6353c6a7b	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Sep 24 18:21:06 2019 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Sep 24 18:39:03 2019 +0200
tree	28cecb3619d44cbd15713785796d9c4a5c421105
parent	1a2904c49aaf6aab1a2cb54aec7b76720515af96 [diff] [blame]