Lines Matching full:a
17 * policies). As a consequence, they must not be changed (unless the storage
45 * If you must add a new
51 * (e.g. adding a space after casts).
66 /** The requested operation or a parameter is not supported
70 * parameter such as a key type, algorithm, etc. is not recognized.
71 * If a combination of parameters is recognized and identified as
75 /** The requested action is denied by a policy.
78 * are recognized as valid and supported, and a policy explicitly
81 * If a subset of the parameters of a function call identify a
91 * description to determine a sufficient buffer size.
94 * in cases when performing the operation with a larger output
96 * error if a function has invalid or unsupported parameters in addition
103 * to write an item (like a key) that already exists. */
108 * Implementations should return this error, if a requested item (like
109 * a key) does not exist. */
119 * that a key either exists or not,
123 * Implementations shall not return this error code to indicate that a
130 * Implementations may return this error any time a parameter or
133 * Implementations shall not return this error code to indicate that a
150 * error code if the implementation requires a mandatory log entry for
154 /** There was a communication failure inside the implementation.
156 * This can indicate a communication failure between the application
158 * an external volatile or persistent memory. A communication failure
161 * \warning If a function returns this error, it is undetermined
166 * cryptoprocessor but there was a breakdown of communication before
171 /** There was a storage failure that may have led to data loss.
174 * It should not be used for a corruption of volatile memory
175 * (use #PSA_ERROR_CORRUPTION_DETECTED), for a communication error
178 * in a valid state but is full (use #PSA_ERROR_INSUFFICIENT_STORAGE).
180 * Note that a storage failure does not indicate that any data that was
184 * When a storage failure occurs, it is no longer possible to ensure
190 * Implementations should only use this error code to report a
196 /** A hardware failure was detected.
198 * A hardware failure may be transient or permanent depending on the
202 /** A tampering attempt was detected.
207 * and should enter a safe failure state.
215 * This error code is intended as a last resort when a security breach
218 * to report an alarm from a tampering detector, to indicate that
222 * to indicate a hardware failure that merely makes it impossible to
229 * shall not return this error code as a consequence of the behavior of
236 * This error indicates a failure of a hardware random generator.
240 * an algorithm with a randomized result, as well as functions that
241 * use randomization of intermediate computations as a countermeasure
246 * entropy during initialization and subsequently use a cryptographically
248 * this error at any time if a policy requires the PRNG to be reseeded
268 * encryption. If the application must perform a decryption of
274 * In particular, the timing of a decryption operation should not
279 * to read from a resource. */
282 /** This can be returned if a function can no longer operate correctly.
284 * a mutex operation failed. */
297 * - A corruption of volatile memory - use #PSA_ERROR_CORRUPTION_DETECTED.
298 * - A communication error between the cryptoprocessor and its external
300 * - When the storage is in a valid state but is full - use
306 * \note A storage corruption does not indicate that any data that was
310 * When a storage failure occurs, it is no longer possible to ensure the
317 * This error indicates that some data read from storage does not have a valid
325 * This error is typically a result of either storage corruption on a
334 * error. This is not an error per se, more a notification of status.
347 * embedded in the persistent key store, as part of key metadata. As a
375 /** Whether a key type is vendor-defined.
382 /** Whether a key type is an unstructured array of bytes.
390 /** Whether a key type is asymmetric: either a key pair or a public key. */
395 /** Whether a key type is the public part of a key pair. */
398 /** Whether a key type is a key pair containing a private part and a public
402 /** The key pair type corresponding to a public key type.
404 * You may also pass a key pair type as \p type, it will be left unchanged.
406 * \param type A public key type or key pair type.
409 * If \p type is not a public key or a key pair,
414 /** The public key type corresponding to a key pair type.
416 * You may also pass a public key type as \p type, it will be left unchanged.
418 * \param type A public key type or key pair type.
421 * If \p type is not a public key or a key pair,
429 * A "key" of this type cannot be used for any cryptographic operation.
443 /** A secret for key derivation.
456 /** A low-entropy secret for password hashing or key derivation.
459 * intended to be memorizable by humans, and have a low entropy relative to
479 /** A secret value that can be used to verify a password hash.
487 /** A secret value that can be used in when computing a password hash.
494 /** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
501 /** Key for a cipher, AEAD or MAC algorithm based on the
505 /** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
516 /** Key for a cipher, AEAD or MAC algorithm based on the
528 * with the initial counter value 1, you can process and discard a
543 /** Whether a key type is an RSA key (pair or public-only). */
553 * i.e. the bit size of *q* for a curve over a field *F<sub>q</sub>*.
556 * \param curve A value of type ::psa_ecc_family_t that
567 * \param curve A value of type ::psa_ecc_family_t that
573 /** Whether a key type is an elliptic curve key (pair or public-only). */
577 /** Whether a key type is an elliptic curve key pair. */
581 /** Whether a key type is an elliptic curve public key. */
603 * \note For secp224k1, the bit-size is 225 (size of a private value).
676 * _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
693 * Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
704 * \param group A value of type ::psa_dh_family_t that identifies the
711 * \param group A value of type ::psa_dh_family_t that identifies the
717 /** Whether a key type is a Diffie-Hellman key (pair or public-only). */
721 /** Whether a key type is a Diffie-Hellman key pair. */
725 /** Whether a key type is a Diffie-Hellman public key. */
730 /** Extract the group from a Diffie-Hellman key type. */
736 /** Diffie-Hellman groups defined in RFC 7919 Appendix A.
739 * 2048, 3072, 4096, 6144, 8192. A given implementation may support
740 * all of these sizes or only a subset.
746 /** The block size of a block cipher.
748 * \param type A cipher key type (value of type #psa_key_type_t).
750 * \return The block size for a block cipher, or 1 for a stream cipher.
751 * The return value is undefined if \p type is not a supported
754 * \note It is possible to build stream cipher algorithms on top of a block
760 * \note This macro returns a compile-time constant if its argument is one.
770 * as part of key metadata. As a consequence, they must not be changed
800 /** Whether the specified algorithm is a hash algorithm.
804 * \return 1 if \p alg is a hash algorithm, 0 otherwise.
805 * This macro may return either 0 or 1 if \p alg is not a supported
811 /** Whether the specified algorithm is a MAC algorithm.
815 * \return 1 if \p alg is a MAC algorithm, 0 otherwise.
816 * This macro may return either 0 or 1 if \p alg is not a supported
822 /** Whether the specified algorithm is a symmetric cipher algorithm.
826 * \return 1 if \p alg is a symmetric cipher algorithm, 0 otherwise.
827 * This macro may return either 0 or 1 if \p alg is not a supported
839 * This macro may return either 0 or 1 if \p alg is not a supported
851 * This macro may return either 0 or 1 if \p alg is not a supported
863 * This macro may return either 0 or 1 if \p alg is not a supported
869 /** Whether the specified algorithm is a key agreement algorithm.
873 * \return 1 if \p alg is a key agreement algorithm, 0 otherwise.
874 * This macro may return either 0 or 1 if \p alg is not a supported
880 /** Whether the specified algorithm is a key derivation algorithm.
884 * \return 1 if \p alg is a key derivation algorithm, 0 otherwise.
885 * This macro may return either 0 or 1 if \p alg is not a supported
891 /** Whether the specified algorithm is a key stretching / password hashing
894 * A key stretching / password hashing algorithm is a key derivation algorithm
895 * that is suitable for use with a low-entropy secret such as a password.
896 * Equivalently, it's a key derivation algorithm that uses a
901 * \return 1 if \p alg is a key stretching / password hashing algorithm, 0
902 * otherwise. This macro may return either 0 or 1 if \p alg is not a
944 * scenarios where a hash function based on SHA3/SHAKE is desired, SHA3-512
945 * has the same output size and a (theoretically) higher security strength.
949 /** In a hash-and-sign algorithm policy, allow any hash algorithm.
951 * This value may be used to form the algorithm usage field of a policy
952 * for a signature algorithm that is parametrized by a hash. The key
959 * Then you may create and use a key as follows:
967 * an algorithm built from `PSA_xxx_SIGNATURE` and a specific hash. Each
968 * call to sign or verify a message may use a different hash.
976 * parametrized over a hash. For any valid use of this macro to build
990 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
994 * \return Unspecified if \p hash_alg is not a supported
1005 * HMAC is a family of MAC algorithms that are based on a hash function.
1010 * This macro may return either 0 or 1 if \p alg is not a supported
1017 /* In the encoding of a MAC algorithm, the bits corresponding to
1023 * is correctly encoded as a value between 1 and 63. */
1027 /* In the encoding of a MAC algorithm, the bit corresponding to
1029 * is a wildcard algorithm. A key with such wildcard algorithm as permitted
1031 * same base class and having a (potentially truncated) MAC length greater or
1035 /** Macro to build a truncated MAC algorithm.
1037 * A truncated MAC algorithm is identical to the corresponding MAC
1047 * \note It is implementation-defined whether a truncated MAC that
1052 * \param mac_alg A MAC algorithm identifier (value of type
1054 * is true). This may be a truncated or untruncated
1064 * \return Unspecified if \p mac_alg is not a supported
1073 /** Macro to build the base MAC algorithm corresponding to a truncated
1076 * \param mac_alg A MAC algorithm identifier (value of type
1078 * is true). This may be a truncated or untruncated
1082 * \return Unspecified if \p mac_alg is not a supported
1089 /** Length to which a MAC algorithm is truncated.
1091 * \param mac_alg A MAC algorithm identifier (value of type
1096 * \return 0 if \p mac_alg is a non-truncated MAC algorithm.
1097 * \return Unspecified if \p mac_alg is not a supported
1103 /** Macro to build a MAC minimum-MAC-length wildcard algorithm.
1105 * A minimum-MAC-length MAC wildcard algorithm permits all MAC algorithms
1114 * \param mac_alg A MAC algorithm identifier (value of type
1123 * \return Unspecified if \p mac_alg is not a supported MAC
1132 /** The CBC-MAC construction over a block cipher
1135 * A more secure mode, such as #PSA_ALG_CMAC, is recommended.
1138 /** The CMAC construction over a block cipher */
1141 /** Whether the specified algorithm is a MAC algorithm based on a block cipher.
1145 * \return 1 if \p alg is a MAC algorithm based on a block cipher, 0 otherwise.
1146 * This macro may return either 0 or 1 if \p alg is not a supported
1156 /** Whether the specified algorithm is a stream cipher.
1158 * A stream cipher is a symmetric cipher that encrypts or decrypts messages
1159 * by applying a bitwise-xor with a stream of bytes that is generated
1160 * from a key.
1164 * \return 1 if \p alg is a stream cipher algorithm, 0 otherwise.
1165 * This macro may return either 0 or 1 if \p alg is not a supported
1166 * algorithm identifier or if it is not a symmetric cipher algorithm.
1172 /** The stream cipher mode of a stream cipher algorithm.
1175 * - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20.
1181 * CTR is a stream cipher which is built from a block cipher.
1184 * a key of type #PSA_KEY_TYPE_AES and a length of 128 bits (16 bytes).
1202 * XTS is a cipher mode which is built from a block cipher. It requires at
1204 * does not need to be a whole number of blocks.
1208 /** The Electronic Code Book (ECB) mode of a block cipher, with no padding.
1219 * This symmetric cipher mode can only be used with messages whose lengths are a
1222 * ECB mode does not accept an initialization vector (IV). When using a
1247 /** Whether the specified algorithm is an AEAD mode on a block cipher.
1252 * a block cipher, 0 otherwise.
1253 * This macro may return either 0 or 1 if \p alg is not a supported
1268 * This is CCM* as specified in IEEE 802.15.4 §7, with a tag length of 0.
1269 * For CCM* with a nonzero tag length, use the AEAD algorithm #PSA_ALG_CCM.
1303 * is a wildcard algorithm. A key with such wildcard algorithm as permitted
1305 * same base class and having a tag length greater than or equal to the one
1309 /** Macro to build a shortened AEAD algorithm.
1311 * A shortened AEAD algorithm is similar to the corresponding AEAD
1323 * \return Unspecified if \p aead_alg is not a supported
1333 /** Retrieve the tag length of a specified AEAD algorithm
1340 * \return Unspecified if \p aead_alg is not a supported
1368 * A minimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms
1386 * \return Unspecified if \p aead_alg is not a supported
1401 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1404 * when specifying the algorithm in a usage policy.
1407 * \return Unspecified if \p hash_alg is not a supported
1429 * a salt length equal to the length of the hash, or the largest
1435 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1438 * when specifying the algorithm in a usage policy.
1441 * \return Unspecified if \p hash_alg is not a supported
1450 * but allows an arbitrary salt length (including \c 0) when verifying a
1453 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1456 * when specifying the algorithm in a usage policy.
1459 * \return Unspecified if \p hash_alg is not a supported
1471 * where \c hash_alg is a hash algorithm or
1474 * a supported algorithm identifier or policy.
1485 * where \c hash_alg is a hash algorithm or
1488 * a supported algorithm identifier or policy.
1503 * where \c hash_alg is a hash algorithm or
1506 * a supported algorithm identifier or policy.
1516 * with a random per-message secret number (*k*).
1518 * The representation of the signature as a byte string consists of
1524 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1527 * when specifying the algorithm in a usage policy.
1530 * \return Unspecified if \p hash_alg is not a supported
1538 * without specifying a hash algorithm. This algorithm may only be
1539 * used to sign or verify a sequence of bytes that should be an
1550 * The representation of a signature is the same as with #PSA_ALG_ECDSA().
1558 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1561 * when specifying the algorithm in a usage policy.
1565 * \return Unspecified if \p hash_alg is not a supported
1586 * context as a parameter. A future version of this specification may add
1589 * PureEdDSA requires an elliptic curve key on a twisted Edwards curve.
1606 * RFC 8032 §5.1.6 and §5.2.6 (a 64-byte string for Ed25519, a 114-byte
1625 * This is a hash-and-sign algorithm: to calculate a signature,
1630 * or with a multi-part hash operation started with psa_hash_setup(),
1633 * Verifying a signature is similar, using psa_verify_message() or
1650 * This is a hash-and-sign algorithm: to calculate a signature,
1655 * or with a multi-part hash operation started with psa_hash_setup(),
1658 * Verifying a signature is similar, using psa_verify_message() or
1669 /** Whether the specified algorithm is a signature algorithm that can be used
1680 * \return 1 if alg is a signature algorithm that can be used to sign a
1681 * hash. 0 if alg is a signature algorithm that can only be used
1682 * to sign a message. 0 if alg is not a signature algorithm.
1683 * This macro can return either 0 or 1 if alg is not a
1691 /** Whether the specified algorithm is a signature algorithm that can be used
1696 * \return 1 if alg is a signature algorithm that can be used to sign a
1697 * message. 0 if \p alg is a signature algorithm that can only be used
1698 * to sign an already-calculated hash. 0 if \p alg is not a signature
1699 * algorithm. This macro can return either 0 or 1 if \p alg is not a
1705 /** Whether the specified algorithm is a hash-and-sign algorithm.
1708 * structured in two parts: first the calculation of a hash in a way that
1709 * does not depend on the key, then the calculation of a signature from the
1714 * Thus, for a hash-and-sign algorithm,
1727 * \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise.
1728 * This macro may return either 0 or 1 if \p alg is not a supported
1735 /** Get the hash used by a hash-and-sign signature algorithm.
1737 * A hash-and-sign algorithm is a signature algorithm which is
1738 * composed of two phases: first a hashing phase which does not use
1739 * the key and produces a hash of the input message, then a signing
1743 * \param alg A signature algorithm (\c PSA_ALG_XXX value such that
1746 * \return The underlying hash algorithm if \p alg is a hash-and-sign
1748 * \return 0 if \p alg is a signature algorithm that does not
1750 * \return Unspecified if \p alg is not a signature algorithm or
1760 * \warning Calling psa_asymmetric_decrypt() with this algorithm as a
1762 * (CWE-242). Unless it is used in a side channel free and safe
1781 * \return Unspecified if \p hash_alg is not a supported
1809 * pad with null bytes up to the block size. As a result, it is possible
1811 * unique outputs, it is recommended to use a fixed length for salt values.
1813 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1817 * \return Unspecified if \p hash_alg is not a supported
1824 * HKDF is a family of key derivation algorithms that are based on a hash
1830 * This macro may return either 0 or 1 if \c alg is not a supported
1853 * as a separate algorithm for the sake of protocols that use it as a
1854 * building block. It may also be a slight performance optimization
1860 * pad with null bytes up to the block size. As a result, it is possible
1862 * unique outputs, it is recommended to use a fixed length for salt values.
1864 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1868 * \return Unspecified if \p hash_alg is not a supported
1875 * HKDF-Extract is a family of key derivation algorithms that are based
1876 * on a hash function and the HMAC construction.
1881 * This macro may return either 0 or 1 if \c alg is not a supported
1902 * a separate algorithm for the sake of protocols that use it as a building
1903 * block. It may also be a slight performance optimization in applications
1906 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1910 * \return Unspecified if \p hash_alg is not a supported
1917 * HKDF-Expand is a family of key derivation algorithms that are based
1918 * on a hash function and the HMAC construction.
1923 * This macro may return either 0 or 1 if \c alg is not a supported
1936 * This macro may return either 0 or 1 if \c alg is not a supported
1945 /** Macro to build a TLS-1.2 PRF algorithm.
1947 * TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
1964 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
1968 * \return Unspecified if \p hash_alg is not a supported
1974 /** Whether the specified algorithm is a TLS-1.2 PRF algorithm.
1978 * \return 1 if \c alg is a TLS-1.2 PRF algorithm, 0 otherwise.
1979 * This macro may return either 0 or 1 if \c alg is not a supported
1988 /** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
1990 * In a pure-PSK handshake in TLS 1.2, the master secret is derived
2001 * if omitted, it defaults to a string of null bytes with the same length
2011 * - for a plain PSK cipher suite (RFC 4279, Section 2), omit
2013 * - for a DHE-PSK (RFC 4279, Section 3) or ECDHE-PSK cipher suite
2016 * The recommended way to pass this input is to use a key derivation
2023 * - for a RSA-PSK cipher suite (RFC 4279, Section 4), the other secret
2026 * a 46-byte random string chosen by the client. On the server, this is
2034 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
2038 * \return Unspecified if \p hash_alg is not a supported
2044 /** Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.
2048 * \return 1 if \c alg is a TLS-1.2 PSK to MS algorithm, 0 otherwise.
2049 * This macro may return either 0 or 1 if \c alg is not a supported
2062 * This function takes a single input:
2066 * The output has to be read as a single chunk of 32 bytes, defined as
2076 * Those algorithms cannot be combined with a key agreement algorithm.
2081 /** Macro to build a PBKDF2-HMAC password hashing / key stretching algorithm.
2084 * This macro specifies the PBKDF2 algorithm constructed using a PRF based on
2100 * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
2104 * \return Unspecified if \p hash_alg is not a supported
2110 /** Whether the specified algorithm is a PBKDF2-HMAC algorithm.
2114 * \return 1 if \c alg is a PBKDF2-HMAC algorithm, 0 otherwise.
2115 * This macro may return either 0 or 1 if \c alg is not a supported
2140 /** Macro to build a combined algorithm that chains a key agreement with
2141 * a key derivation.
2143 * \param ka_alg A key agreement algorithm (\c PSA_ALG_XXX value such
2145 * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
2150 * \return Unspecified if \p ka_alg is not a supported
2151 * key agreement algorithm or \p kdf_alg is not a
2163 /** Whether the specified algorithm is a raw key agreement algorithm.
2165 * A raw key agreement algorithm is one that does not specify
2166 * a key derivation function.
2168 * a \c PSA_ALG_xxx macro while non-raw key agreement algorithms are
2173 * \return 1 if \p alg is a raw key agreement algorithm, 0 otherwise.
2174 * This macro may return either 0 or 1 if \p alg is not a supported
2193 /** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
2201 * \return 1 if \c alg is a finite field Diffie-Hellman algorithm, 0 otherwise.
2202 * This macro may return either 0 or 1 if \c alg is not a supported
2213 * order of the curve's coordinate field. When `m` is not a multiple of 8,
2246 * This macro may return either 0 or 1 if \c alg is not a supported
2252 /** Whether the specified algorithm encoding is a wildcard.
2255 * a policy, not to perform an operation.
2259 * \return 1 if \c alg is a wildcard algorithm encoding.
2260 * \return 0 if \c alg is a non-wildcard algorithm encoding (suitable for
2262 * \return This macro may return either 0 or 1 if \c alg is not a supported
2274 /** Get the hash used by a composite algorithm.
2278 * \return The underlying hash algorithm if alg is a composite algorithm that
2279 * uses a hash algorithm.
2281 * \return \c 0 if alg is not a composite algorithm that uses a hash.
2293 * persistent key store, as part of key metadata. As a consequence, they
2299 * A volatile key only exists as long as the identifier to it is not destroyed.
2300 * The key material is guaranteed to be erased on a power reset.
2302 * A key with this lifetime is typically stored in the RAM area of the
2304 * If an implementation stores data about the key in a non-volatile memory,
2312 * A persistent key remains in storage until it is explicitly destroyed or
2314 * not define any mechanism to wipe a storage area, but integrations may
2315 * provide their own mechanism (for example to perform a factory reset,
2336 /** A persistence level indicating that a key is never destroyed.
2348 /** Whether a key lifetime indicates that the key is volatile.
2350 * A volatile key is automatically destroyed by the implementation when
2351 * the application instance terminates. In particular, a volatile key
2352 * is automatically destroyed on a power reset of the device.
2354 * A key that is not volatile is persistent. Persistent keys are
2357 * a factory reset).
2368 /** Whether a key lifetime indicates that the key is read-only.
2374 * consider a platform with multiple levels of privilege, where a
2375 * low-privilege application can use a key but is not allowed to destroy
2376 * it, and the platform exposes the key to the application with a read-only
2389 /** Construct a lifetime from a persistence level and a location.
2404 * keys without delegating the storage to a third-party cryptoprocessor.
2413 * persistent key store, as part of key metadata. As a consequence, they
2422 /** The minimum value for a key identifier chosen by the application.
2425 /** The maximum value for a key identifier chosen by the application.
2428 /** The minimum value for a key identifier chosen by the implementation.
2431 /** The maximum value for a key identifier chosen by the implementation.
2442 /** Utility to initialize a key identifier at runtime.
2468 /** Check whether a key identifier is null.
2485 /** Utility to initialize a key identifier at runtime.
2511 /** Check whether a key identifier is null.
2531 * persistent key store, as part of key metadata. As a consequence, they
2537 * A public key or the public part of a key pair may always be exported
2540 * If a key does not have export permission, implementations shall not
2542 * whether through psa_export_key() or through a proprietary interface.
2543 * The key may however be exportable in a wrapped form, i.e. in a form
2550 * This flag allows the use of psa_copy_key() to make a copy of the key
2551 * with the same policy or a more restrictive policy.
2553 * For lifetimes for which the key is located in a secure element which
2554 * enforce the non-exportability of keys, copying a key outside the secure
2564 /** Whether the key may be used to encrypt a message.
2566 * This flag allows the key to be used for a symmetric encryption operation,
2571 * For a key pair, this concerns the public key.
2575 /** Whether the key may be used to decrypt a message.
2577 * This flag allows the key to be used for a symmetric decryption operation,
2582 * For a key pair, this concerns the private key.
2586 /** Whether the key may be used to sign a message.
2588 * This flag allows the key to be used for a MAC calculation operation or for
2592 * For a key pair, this concerns the private key.
2596 /** Whether the key may be used to verify a message.
2598 * This flag allows the key to be used for a MAC verification operation or for
2602 * For a key pair, this concerns the public key.
2606 /** Whether the key may be used to sign a message.
2608 * This flag allows the key to be used for a MAC calculation operation
2612 * For a key pair, this concerns the private key.
2616 /** Whether the key may be used to verify a message signature.
2618 * This flag allows the key to be used for a MAC verification operation
2622 * For a key pair, this concerns the public key.
2626 /** Whether the key may be used to derive other keys or produce a password
2629 * This flag allows the key to be used for a key derivation operation or for
2630 * a key agreement operation, if otherwise permitted by the key's type and
2634 * psa_key_derivation_input_key() for a key derivation operation, then it
2640 /** Whether the key may be used to verify the result of a key derivation,
2645 * This flag allows the key to be used in a key derivation operation, if
2649 * psa_key_derivation_input_key() for a key derivation operation, then it
2664 /** A secret input for key derivation.
2666 * This should be a key of type #PSA_KEY_TYPE_DERIVE
2668 * or the shared secret resulting from a key agreement
2671 * The secret can also be a direct input (passed to
2681 /** A low-entropy secret input for password hashing / key stretching.
2683 * This is usually a key of type #PSA_KEY_TYPE_PASSWORD (passed to
2684 * psa_key_derivation_input_key()) or a direct input (passed to
2685 * psa_key_derivation_input_bytes()) that is a password or passphrase. It can
2686 * also be high-entropy secret such as a key of type #PSA_KEY_TYPE_DERIVE or
2687 * the shared secret resulting from a key agreement.
2689 * The secret can also be a direct input (passed to
2699 /** A high-entropy additional secret input for key derivation.
2701 * This is typically the shared secret resulting from a key agreement obtained
2702 * via `psa_key_derivation_key_agreement()`. It may alternatively be a key of
2704 * a direct input passed to `psa_key_derivation_input_bytes()`.
2709 /** A label for key derivation.
2711 * This should be a direct input.
2712 * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
2716 /** A salt for key derivation.
2718 * This should be a direct input.
2719 * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA or
2726 * This should be a direct input.
2727 * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
2731 /** A seed for key derivation.
2733 * This should be a direct input.
2734 * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
2738 /** A cost parameter for password hashing / key stretching.
2740 * This must be a direct input, passed to psa_key_derivation_input_integer().
2761 * a supported AEAD algorithm.
2777 * function in a single call.