PSA_ALG_HKDF: add salt processing warning
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 764feb8..85878a7 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1737,6 +1737,12 @@
* You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before
* starting to generate output.
*
+ * \warning HKDF processes the salt as follows: first hash it with hash_alg
+ * if the salt is longer than the block size of the hash algorithm; then
+ * pad with null bytes up to the block size. As a result, it is possible
+ * for distinct salt inputs to result in the same outputs. To ensure
+ * unique outputs, it is recommended to use a fixed length for salt values.
+ *
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
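Review bot: In the added \warning, hash_alg is written bare, while the \param text just below refers to it as "\p hash_alg"; use the same markup so Doxygen renders it as the parameter. The warning would also be easier to act on if it named the two cases that follow from the processing it describes: a salt no longer than the block size gives the same result as that salt with null bytes appended, and a salt longer than the block size gives the same result as the hash of that salt passed as the salt. Since this comment block is being touched anyway, the "steup" typo in the context line above the warning could be fixed in the same change.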