samples: Add sample for PSA PBKDF2 #13285
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y | ||
|
||
# Using hardware crypto accelerator | ||
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y |
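Review bot: The comment above CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y mentions only the hardware accelerator, and no software driver is enabled in these lines, although the other configuration file in this PR states that key derivation is only supported in the software driver. If the Oberon driver is left out on purpose here, add a comment saying so and naming what enables it in a TF-M build, so the omission does not read as a mistake.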
Why are we skipping CONFIG_PSA_CRYPTO_DRIVER_OBERON here?
It's copy-paste from the HKDF sample.
It's skipped because TF-M makes sure of this; TF-M depends on key derivation from Oberon.
samples/crypto/pbkdf2/README.rst
Outdated
a. The input key is imported into the PSA crypto keystore. | ||
#. The output key is derived. |
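Review bot: The two sub-steps shown here mention only the input key and the output key. PBKDF2 also takes a salt and an iteration count, so the step list should say that the sample sets them and which values it uses, since they decide how well the derived key resists password guessing.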
If these are actions of the sample, as the lead-in sentence says, can these be active instead of passive?
Imports the input key into the PSA crypto keystore.
Derives the output key.
samples/crypto/pbkdf2/README.rst
Outdated
|
||
#. Cleanup: | ||
|
||
a. The input and the output keys are removed from the PSA crypto keystore. |
Removes the input and output keys from the PSA crypto keystore.
I'm a little confused by the logic of these last two steps: it imports/derives the keys, then removes them? What's the end result?
I've updated to say input password, instead of input key, since we are deriving from a password in this sample.
Also, the sample is using output_bytes, instead of output_key, so there is no output key after the key derivation.
I'm removing any mention of output key in the key store.
The end result is the derived key, in the application, instead of the key store.
Usually you would want to keep the derived key in the key_store and only use it by reference, but in this case we are outputting the key to the application.
Add sample to demonstrate PBKDF2 use-case. Signed-off-by: Joakim Andersson <[email protected]>
@@ -0,0 +1,5 @@ | |||
# Enable both oberon driver and hardware crypto accelerator | |||
# Key derivation is only supported in software driver but is using chained | |||
# driver to accelerate sub-operations. |
# driver to accelerate sub-operations. | |
# driver which will use hardware accelerated crypto for low-level operations, if enabled. |