PSA PBKDF2: add new policies
The documentation references functions that will be introduced in later
commits, but hopefully from the naming it's already clear what those
function will do.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 2c247d0..840be8b 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -2097,10 +2097,38 @@
*/
#define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000)
-/** Whether the key may be used to derive other keys.
+/** Whether the key may be used to derive other keys or produce a password
+ * hash.
+ *
+ * This flag allows the key to be used as the input of
+ * psa_key_derivation_input_key() at the step
+ * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD
+ * depending on the algorithm, and allows the use of
+ * psa_key_derivation_output_bytes() or psa_key_derivation_output_key()
+ * at the end of the operation.
*/
#define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000)
+/** Whether the key may be used to produce a password hash and verify it
+ * against an expected value.
+ *
+ * This flag allows the key to be used as the input of
+ * psa_key_derivation_input_key() at the step
+ * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD
+ * depending on the algorithm, and allows the use of
+ * psa_key_derivation_verify_output_bytes() or
+ * psa_key_derivation_verify_output_key() at the end of the operation.
+ */
+#define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERITY ((psa_key_usage_t)0x00008000)
+
+/** Whether the key may be used to as the expected value to which a password
+ * hash will be compared.
+ *
+ * This flag allows key to be used as the \c key argument of
+ * psa_key_derivation_verify_output_key().
+ */
+#define PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER ((psa_key_usage_t)0x00010000)
+
/**@}*/
/** \defgroup derivation Key derivation