Lines Matching refs:derivation

234 * `"key_agreement"`: key agreement without a subsequent key derivation. Called by `psa_raw_key_agre…
306 ### Driver entry points for key derivation
308 Key derivation is more complex than other multipart operations for several reasons:
311 …n an operation combines a key agreement and a subsequent symmetric key derivation, each of which c…
315 #### Key derivation driver dispatch logic  argument
317 The core decides whether to dispatch a key derivation operation to a driver based on the location a…
323 2. Otherwise ([or on fallback?](#fallback-for-key-derivation-in-opaque-drivers)), if there is a tra…
328 A key derivation driver has the following entry points:
330 …ovides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver se…
331derivation algorithm with long inputs, otherwise ignored): provide an extra input for the key deri…
332 …derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation
333 …hich remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation
334 … the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-deriv…
343 #### Key derivation driver initial inputs  argument
345 The core conveys the initial inputs for a key derivation via an opaque data structure of type `psa_…
373 …s()` to make a copy of the input data (design note: [why a copy?](#key-derivation-inputs-and-buffe…
399 * The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setu…
409 … error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inpu…
414 #### Key derivation driver setup  argument
416 A key derivation driver must implement the following entry point:
425 * `alg` is the algorithm for the key derivation operation. It does not include a key agreement comp…
426 … an opaque pointer to the [initial inputs](#key-derivation-driver-initial-inputs) for the key deri…
428 #### Key derivation driver long inputs  argument
430derivation algorithms take long inputs which it would not be practical to pass in the [initial inp…
439 At the time of writing, no standard key derivation algorithm has long inputs. It is likely that suc…
441 #### Key derivation driver operation capacity  argument
443 …put_key"`](#key-derivation-driver-outputs), i.e. for key types where the derived key material is n…
455 #### Key derivation driver outputs  argument
457 A key derivation driver must provide the following entry point:
464 An opaque key derivation driver may provide the following entry points:
478 The core calls a key derivation driver's output entry point when the application calls `psa_key_der…
480 If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure element and the deri…
499 If the key derivation operation is not handled by an opaque driver as described above, the core cal…
501 …rive_key"` entry point. See [“Transparent cooked key derivation”](#transparent-cooked-key-derivati…
504 #### Transparent cooked key derivation  argument
506derivation is said to be *raw* for some key types, where the key material of a derived (8×*n*)-bit…
508 A capability for cooked key derivation contains the following properties (this is not a subset of […
517 A transparent driver with the prefix `"acme"` that implements cooked key derivation must provide th…
550 See [“Open questions around cooked key derivation”](#open-questions-around-cooked-key-derivation) f…
554 The core always decouples key agreement from symmetric key derivation.
560 3. Perform the rest of the key derivation, up to and including the call to the `"key_derivation_abo…
775derivation-driver-outputs) and [`"key_agreement_key"`](#key-agreement) entry points. Transparent d…
1100 …location](#lifetimes-and-locations), or [as a fallback for key derivation](#key-derivation-driver-…
1188 TODO: derivation, copy
1371 #### Key derivation inputs and buffer ownership
1375 … does not own memory after the entry point returns. In the case of key derivation inputs, this cou…
1390 #### Mixing drivers in key derivation
1420 #### Open questions around cooked key derivation
1426 #### Fallback for key derivation in opaque drivers
1428 Should [dispatch to an opaque driver](#key-derivation-driver-dispatch-logic) allow fallback, so tha…
1430 Should the ["`key_derivation_output_key`"](#key-derivation-driver-outputs) capability indicate whic…