CKMC_PARAM_ED_LABEL, /**< buffer */
CKMC_PARAM_KDF_PRF = 401, /**< integer - pseudo-random function number (see #ckmc_kdf_prf_e) */
- CKMC_PARAM_KDF_LEN, /**< integer - length of the derived key */
+ CKMC_PARAM_KDF_LEN, /**< integer - length of the derived key in bytes. The value must be one of
+ {16, 24, 32} */
CKMC_PARAM_KBKDF_MODE, /**< integer - KDF mode number (see #ckmc_kbkdf_mode_e) */
- CKMC_PARAM_KBKDF_LABEL, /**< buffer - the purpose for the derived key */
- CKMC_PARAM_KBKDF_CONTEXT, /**< buffer - information related to the derived key */
+ CKMC_PARAM_KBKDF_LABEL, /**< buffer - the purpose for the derived key. Conflicts with
+ #CKMC_PARAM_KBKDF_FIXED_INPUT */
+
+ CKMC_PARAM_KBKDF_CONTEXT, /**< buffer - information related to the derived key. Conflicts with
+ #CKMC_PARAM_KBKDF_FIXED_INPUT */
+
+ CKMC_PARAM_KBKDF_FIXED_INPUT, /**< buffer - KBKDF fixed input replacing context and label.
+ Conflicts with:
+ - #CKMC_PARAM_KBKDF_LABEL,
+ - #CKMC_PARAM_KBKDF_CONTEXT,
+ - #CKMC_PARAM_KBKDF_LLEN,
+ - #CKMC_PARAM_KBKDF_NO_SEPARATOR */
+ CKMC_PARAM_KBKDF_COUNTER_LOCATION, /**< integer - specifies location of the counter in KBKDF
+ (see #ckmc_kbkdf_counter_location_e) */
+ CKMC_PARAM_KBKDF_RLEN, /**< integer - specifies the length of the counter representation in bits
+ in KBKDF. The value must be one of {8, 16, 24, 32}. If not set, the
+ default value = 32 will be used */
+ CKMC_PARAM_KBKDF_LLEN, /**< integer - specifies the length of the length suffix representation
+ in bits in KBKDF. The value must be one of {0, 8, 16, 24, 32}. If set to
+ 0 the length suffix will be skipped. If not set, the default value = 32
+ will be used. The length suffix is skipped if
+ #CKMC_PARAM_KBKDF_FIXED_INPUT is passed and this parameter conflicts
+ with it */
+ CKMC_PARAM_KBKDF_NO_SEPARATOR, /**< integer - presence of this parameter will skip the zero
+ octet separator between label and context in KBKDF.
+ All values are allowed. This parameter conflicts with
+ #CKMC_PARAM_KBKDF_FIXED_INPUT. */
CKMC_PARAM_ECDH_PUBKEY, /**< buffer - EC public key in DER form (see #ckmc_key_s) */
} ckmc_param_name_e;
*/
typedef enum __ckmc_kdf_prf {
CKMC_KDF_PRF_HMAC_SHA256 = 1, /**< HMAC SHA256 */
+ CKMC_KDF_PRF_HMAC_SHA384, /**< HMAC SHA384 */
+ CKMC_KDF_PRF_HMAC_SHA512, /**< HMAC SHA512 */
} ckmc_kdf_prf_e;
/**
} ckmc_kbkdf_mode_e;
/**
+ * @brief Enumeration for KBKDF counter location relative to fixed input
+ * @since_tizen 7.5
+ *
+ * @see ckmc_key_derive()
+ * @see #ckmc_param_name_e
+ */
+typedef enum __ckmc_kbkdf_counter_location {
+ CKMC_KBKDF_COUNTER_BEFORE_FIXED = 1, /**< Counter is located before fixed input */
+ CKMC_KBKDF_COUNTER_AFTER_FIXED, /**< Counter is located after fixed input */
+ CKMC_KBKDF_COUNTER_MIDDLE_FIXED, /**< Counter is located in the middle of the fixed input
+ (between context and label). This setting requires setting
+ #CKMC_PARAM_KBKDF_LABEL and #CKMC_PARAM_KBKDF_CONTEXT and
+ conflicts with #CKMC_PARAM_KBKDF_FIXED_INPUT. If this location
+ is used the separator will be skipped regardless of the
+ #CKMC_PARAM_KBKDF_NO_SEPARATOR parameter */
+} ckmc_kbkdf_counter_location_e;
+
+/**
* @brief Algorithm parameter list handle.
* @since_tizen 3.0
* @remarks Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the algorithm.
(optional, not supported at the moment) */
CKMC_ALGO_KBKDF, /**< Key based key derivation algorithm
- Supported parameters (all are required):
- - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_KBKDF,
- - CKMC_PARAM_KDF_PRF = pseudo-random function (see #ckmc_kdf_prf_e),
- - CKMC_PARAM_KBKDF_MODE = KDF mode (see #ckmc_kbkdf_mode_e),
- - CKMC_PARAM_KBKDF_LABEL = the purpose for the derived key,
- - CKMC_PARAM_KBKDF_CONTEXT = information related to the derived key,
- - CKMC_PARAM_KDF_LEN = length of the derived key */
+ Supported parameters:
+ - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_KBKDF(mandatory),
+ - CKMC_PARAM_KDF_PRF = pseudo-random function (see #ckmc_kdf_prf_e)(mandatory),
+ - CKMC_PARAM_KBKDF_MODE = KDF mode (see #ckmc_kbkdf_mode_e)(mandatory),
+ - CKMC_PARAM_KBKDF_LABEL = the purpose for the derived key(optional),
+ - CKMC_PARAM_KBKDF_CONTEXT = information related to the derived key(optional),
+ - CKMC_PARAM_KDF_LEN = length of the derived key(mandatory)
+ - CKMC_PARAM_KBKDF_FIXED_INPUT = replacement for context and label(optional),
+ - CKMC_PARAM_KBKDF_COUNTER_LOCATION = counter location
+ (see #ckmc_kbkdf_counter_location_e)(mandatory),
+ - CKMC_PARAM_KBKDF_RLEN = length of the counter representation(optional),
+ - CKMC_PARAM_KBKDF_LLEN = length of the length suffix representation(optional),
+ - CKMC_PARAM_KBKDF_NO_SEPARATOR = existence of zero separator(optional) */
CKMC_ALGO_ECDH, /**< ECDH shared secret key agreement protocol
Supported parameters (all are required):