1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
// Copyright 2020 Contributors to the Parsec project.
// SPDX-License-Identifier: Apache-2.0
//! # Key Derivation operations
use crateinitialized;
use crateAttributes;
use crateId;
use crateOperation;
use crate;
use ;
/// This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically.
/// The key's location, usage policy, type and size are taken from attributes.
/// # Example
///
/// ```
/// use psa_crypto::operations::{key_derivation, key_management};
/// use psa_crypto::types::key::{Attributes, Type, Lifetime, Policy, UsageFlags};
/// use psa_crypto::types::algorithm::{Hash, KeyDerivation};
/// use psa_crypto::types::key_derivation::{Operation, Inputs, Input, InputSecret};
///
/// # const KEY_DATA: [u8; 23] = [0; 23];
/// # let mut usage_flags: UsageFlags = Default::default();
/// # usage_flags.set_derive();
/// # let mut attributes = Attributes {
/// # key_type: Type::Derive,
/// # bits: 0,
/// # lifetime: Lifetime::Volatile,
/// # policy: Policy {
/// # usage_flags,
/// # permitted_algorithms: KeyDerivation::Hkdf {
/// # hash_alg: Hash::Sha256,
/// # }.into()
/// # }
/// # };
///
/// # let mut usage_flags: UsageFlags = Default::default();
/// # usage_flags.set_derive();
/// # let mut derived_key_attributes = Attributes {
/// # key_type: Type::RawData,
/// # bits: 8,
/// # lifetime: Lifetime::Volatile,
/// # policy: Policy {
/// # usage_flags,
/// # permitted_algorithms: KeyDerivation::Hkdf {
/// # hash_alg: Hash::Sha256,
/// # }.into()
/// # }
/// # };
///
/// psa_crypto::init().unwrap();
/// let my_key = key_management::import(attributes, None, &KEY_DATA).unwrap();
/// let info = vec![20; 0x3f];
/// let mut operation = Operation {
/// inputs: Inputs::Hkdf {
/// hash_alg: Hash::Sha256,
/// salt: None,
/// secret: InputSecret::Input(Input::Key(my_key)),
/// info: Input::Bytes(&info),
/// },
/// capacity: None,
/// };
/// let _new_key = key_derivation::output_key(operation, derived_key_attributes, None).unwrap();
/// ```