Generation of some key types can be computationally expensive.
726
726
For example, RSA keys, and elliptic curve public keys.
727
727
728
-
For such keys, an interruptible keygeneration operation can be used instead of calling `psa_generate_key()`, in applications that have bounded execution requirements for use cases that require key generation.
728
+
For such keys, an interruptible key-generation operation can be used instead of calling `psa_generate_key()`, in applications that have bounded execution requirements for use cases that require key generation.
729
729
730
730
.. note::
731
731
An implementation of the |API| does not need to provide incremental generation for all key types supported by the implementation.
732
732
Use `psa_generate_key()` to create keys for types that do not need to be incrementally generated.
733
733
734
-
An interruptible keygeneration operation is used as follows:
734
+
An interruptible key-generation operation is used as follows:
735
735
736
-
1. Allocate an interruptible keygeneration operation object, of type `psa_generate_key_iop_t`, which will be passed to all the functions listed here.
736
+
1. Allocate an interruptible key-generation operation object, of type `psa_generate_key_iop_t`, which will be passed to all the functions listed here.
737
737
#. Initialize the operation object with one of the methods described in the documentation for `psa_generate_key_iop_t`, for example, `PSA_GENERATE_KEY_IOP_INIT`.
738
738
#. Call `psa_generate_key_iop_setup()` to specify the key attributes.
739
739
#. Call `psa_generate_key_iop_complete()` to finish generating the key, until this function does not return :code:`PSA_OPERATION_INCOMPLETE`.
@@ -742,11 +742,11 @@ An interruptible key generation operation is used as follows:
742
742
.. typedef:: /* implementation-defined type */ psa_generate_key_iop_t
743
743
744
744
.. summary::
745
-
The type of the state data structure for an interruptible keygeneration operation.
745
+
The type of the state data structure for an interruptible key-generation operation.
746
746
747
747
.. versionadded:: 1.x
748
748
749
-
Before calling any function on an interruptible keygeneration operation object, the application must initialize it by any of the following means:
749
+
Before calling any function on an interruptible key-generation operation object, the application must initialize it by any of the following means:
750
750
751
751
* Set the object to all-bits-zero, for example:
752
752
@@ -781,14 +781,14 @@ An interruptible key generation operation is used as follows:
781
781
:definition: /* implementation-defined value */
782
782
783
783
.. summary::
784
-
This macro evaluates to an initializer for an interruptible keygeneration operation object of type `psa_generate_key_iop_t`.
784
+
This macro evaluates to an initializer for an interruptible key-generation operation object of type `psa_generate_key_iop_t`.
785
785
786
786
.. versionadded:: 1.x
787
787
788
788
.. function:: psa_generate_key_iop_init
789
789
790
790
.. summary::
791
-
Return an initial value for an interruptible keygeneration operation object.
791
+
Return an initial value for an interruptible key-generation operation object.
792
792
793
793
.. versionadded:: 1.x
794
794
@@ -797,12 +797,12 @@ An interruptible key generation operation is used as follows:
797
797
.. function:: psa_generate_key_iop_get_num_ops
798
798
799
799
.. summary::
800
-
Get the number of *ops* that an interruptible keygeneration operation has taken so far.
800
+
Get the number of *ops* that an interruptible key-generation operation has taken so far.
801
801
802
802
.. versionadded:: 1.x
803
803
804
804
.. param:: psa_generate_key_iop_t * operation
805
-
The interruptible keygeneration operation to inspect.
805
+
The interruptible key-generation operation to inspect.
806
806
807
807
.. return:: uint32_t
808
808
Number of *ops* that the operation has taken so far.
@@ -822,7 +822,7 @@ An interruptible key generation operation is used as follows:
822
822
.. versionadded:: 1.x
823
823
824
824
.. param:: psa_generate_key_iop_t * operation
825
-
The interruptible keygeneration operation to set up.
825
+
The interruptible key-generation operation to set up.
826
826
It must have been initialized as per the documentation for `psa_generate_key_iop_t`, and be inactive.
@@ -910,7 +910,7 @@ An interruptible key generation operation is used as follows:
910
910
.. versionadded:: 1.x
911
911
912
912
.. param:: psa_generate_key_iop_t * operation
913
-
The interruptible keygeneration operation to use.
913
+
The interruptible key-generation operation to use.
914
914
The operation must be active.
915
915
.. param:: psa_key_id_t * key
916
916
On success, an identifier for the newly created key.
@@ -951,12 +951,12 @@ An interruptible key generation operation is used as follows:
951
951
.. function:: psa_generate_key_iop_abort
952
952
953
953
.. summary::
954
-
Abort an interruptible keygeneration operation.
954
+
Abort an interruptible key-generation operation.
955
955
956
956
.. versionadded:: 1.x
957
957
958
958
.. param:: psa_generate_key_iop_t * operation
959
-
The interruptible keygeneration operation to abort.
959
+
The interruptible key-generation operation to abort.
960
960
961
961
.. return:: psa_status_t
962
962
.. retval:: PSA_SUCCESS
@@ -979,7 +979,7 @@ An interruptible key generation operation is used as follows:
979
979
Interruptible public-key export
980
980
-------------------------------
981
981
982
-
Extracting a public key from an asymmetric key-pair can be computationally expensive.
982
+
Extracting a public key from an asymmetric keypair can be computationally expensive.
983
983
For example, computing an elliptic curve public key from the private key.
984
984
985
985
An interruptible public-key export operation can be used instead of calling `psa_export_public_key()`, in applications that have bounded execution requirements for use cases that require public-key export.
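Review bot: The added line 982 goes the opposite way from the rest of this change: it replaces "key-pair" with "keypair", while every other edit adds a hyphen to a compound modifier. Please confirm that "keypair" is the spelling used elsewhere in the specification. If it is not, "key pair" would match the unhyphenated noun forms such as "during a key agreement" that this change keeps in key-agreement.rst.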
doc/crypto/api/ops/key-agreement.rst
24 additions & 24 deletions
@@ -17,10 +17,10 @@ Three functions are provided for a Diffie-Hellman-style key agreement where each
17
17
18
18
* Where an application needs direct access to the shared secret, it can call `psa_raw_key_agreement()` instead.
19
19
20
-
If an application requires bounded execution during a key agreement, it can use an interruptible keyagreement operation.
20
+
If an application requires bounded execution during a key agreement, it can use an interruptible key-agreement operation.
21
21
See :secref:`interruptible-key-agreement`.
22
22
23
-
Using `psa_key_agreement()`, `psa_key_derivation_key_agreement()`, or an interruptible keyagreement operation is recommended, as these do not expose the shared secret to the application.
23
+
Using `psa_key_agreement()`, `psa_key_derivation_key_agreement()`, or an interruptible key-agreement operation is recommended, as these do not expose the shared secret to the application.
24
24
25
25
.. note::
26
26
@@ -231,7 +231,7 @@ Standalone key agreement
231
231
.. warning::
232
232
The shared secret resulting from a key-agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases. This makes it unsuitable for use as key material, for example, as an AES key. Instead, it is recommended that a key-derivation algorithm is applied to the result, to derive unbiased cryptographic keys.
233
233
234
-
If an application requires bounded execution during key agreement, it can use an interruptible keyagreement operation.
234
+
If an application requires bounded execution during key agreement, it can use an interruptible key-agreement operation.
235
235
See :secref:`interruptible-key-agreement`.
236
236
237
237
.. function:: psa_raw_key_agreement
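Review bot: The added line 234 reads "during key agreement", while the otherwise identical sentence at line 20 of this file reads "during a key agreement". Since both sentences are being edited in this change, suggest settling on one wording for the two.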
@@ -363,13 +363,13 @@ Combining key agreement and key derivation
363
363
Interruptible key agreement
364
364
---------------------------
365
365
366
-
Most keyagreement algorithms are computationally expensive.
366
+
Most key-agreement algorithms are computationally expensive.
367
367
368
-
An interruptible keyagreement operation can be used instead of calling `psa_key_agreement()`, in applications that have bounded execution requirements for use cases involving key agreement.
368
+
An interruptible key-agreement operation can be used instead of calling `psa_key_agreement()`, in applications that have bounded execution requirements for use cases involving key agreement.
369
369
370
-
An interruptible keyagreement operation is used as follows:
370
+
An interruptible key-agreement operation is used as follows:
371
371
372
-
1. Allocate an interruptible keyagreement operation object, of type `psa_key_agreement_iop_t`, which will be passed to all the functions listed here.
372
+
1. Allocate an interruptible key-agreement operation object, of type `psa_key_agreement_iop_t`, which will be passed to all the functions listed here.
373
373
#. Initialize the operation object with one of the methods described in the documentation for `psa_key_agreement_iop_t`, for example, `PSA_KEY_AGREEMENT_IOP_INIT`.
374
374
#. Call `psa_key_agreement_iop_setup()` to specify the algorithm, and provide the private key and the peer public key.
375
375
#. Call `psa_key_agreement_iop_complete()` to finish the key agreement and output the shared secret, until this function does not return :code:`PSA_OPERATION_INCOMPLETE`.
@@ -379,11 +379,11 @@ An interruptible key agreement operation is used as follows:
379
379
.. typedef:: /* implementation-defined type */ psa_key_agreement_iop_t
380
380
381
381
.. summary::
382
-
The type of the state data structure for an interruptible keyagreement operation.
382
+
The type of the state data structure for an interruptible key-agreement operation.
383
383
384
384
.. versionadded:: 1.x
385
385
386
-
Before calling any function on an interruptible keyagreement operation object, the application must initialize it by any of the following means:
386
+
Before calling any function on an interruptible key-agreement operation object, the application must initialize it by any of the following means:
387
387
388
388
* Set the object to all-bits-zero, for example:
389
389
@@ -418,14 +418,14 @@ An interruptible key agreement operation is used as follows:
418
418
:definition: /* implementation-defined value */
419
419
420
420
.. summary::
421
-
This macro evaluates to an initializer for an interruptible keyagreement operation object of type `psa_key_agreement_iop_t`.
421
+
This macro evaluates to an initializer for an interruptible key-agreement operation object of type `psa_key_agreement_iop_t`.
422
422
423
423
.. versionadded:: 1.x
424
424
425
425
.. function:: psa_key_agreement_iop_init
426
426
427
427
.. summary::
428
-
Return an initial value for an interruptible keyagreement operation object.
428
+
Return an initial value for an interruptible key-agreement operation object.
429
429
430
430
.. versionadded:: 1.x
431
431
@@ -434,12 +434,12 @@ An interruptible key agreement operation is used as follows:
434
434
.. function:: psa_key_agreement_iop_get_num_ops
435
435
436
436
.. summary::
437
-
Get the number of *ops* that an interruptible keyagreement operation has taken so far.
437
+
Get the number of *ops* that an interruptible key-agreement operation has taken so far.
438
438
439
439
.. versionadded:: 1.x
440
440
441
441
.. param:: psa_key_agreement_iop_t * operation
442
-
The interruptible keyagreement operation to inspect.
442
+
The interruptible key-agreement operation to inspect.
443
443
444
444
.. return:: uint32_t
445
445
Number of *ops* that the operation has taken so far.
@@ -459,7 +459,7 @@ An interruptible key agreement operation is used as follows:
459
459
.. versionadded:: 1.x
460
460
461
461
.. param:: psa_key_agreement_iop_t * operation
462
-
The interruptible keyagreement operation to set up.
462
+
The interruptible key-agreement operation to set up.
463
463
It must have been initialized as per the documentation for `psa_key_agreement_iop_t`, and be inactive.
464
464
.. param:: psa_key_id_t private_key
465
465
Identifier of the private key to use.
@@ -472,7 +472,7 @@ An interruptible key agreement operation is used as follows:
472
472
.. param:: size_t peer_key_length
473
473
Size of ``peer_key`` in bytes.
474
474
.. param:: psa_algorithm_t alg
475
-
The standalone keyagreement algorithm to compute: a value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_STANDALONE_KEY_AGREEMENT(alg)` is true.
475
+
The standalone key-agreement algorithm to compute: a value of type `psa_algorithm_t` such that :code:`PSA_ALG_IS_STANDALONE_KEY_AGREEMENT(alg)` is true.
The attributes for the key to be output on completion.
478
478
@@ -518,12 +518,12 @@ An interruptible key agreement operation is used as follows:
518
518
.. retval:: PSA_ERROR_INVALID_ARGUMENT
519
519
The following conditions can result in this error:
520
520
521
-
* ``alg`` is not a keyagreement algorithm.
521
+
* ``alg`` is not a key-agreement algorithm.
522
522
* ``private_key`` is not compatible with ``alg``.
523
523
* ``peer_key`` is not a valid public key corresponding to ``private_key``.
524
524
* The output key attributes in ``attributes`` are not valid :
525
525
526
-
- The key type is not valid for keyagreement output.
526
+
- The key type is not valid for key-agreement output.
527
527
- The key size is nonzero, and is not the size of the shared secret.
528
528
- The key lifetime is invalid.
529
529
- The key identifier is not valid for the key lifetime.
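Review bot: Context line 524 in this hunk has a stray space before the colon: "The output key attributes in ``attributes`` are not valid :". The nested list directly below it is edited here, so suggest fixing it in the same change to read "are not valid:".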
@@ -534,7 +534,7 @@ An interruptible key agreement operation is used as follows:
534
534
.. retval:: PSA_ERROR_NOT_SUPPORTED
535
535
The following conditions can result in this error:
536
536
537
-
* ``alg`` is not supported or is not a keyagreement algorithm.
537
+
* ``alg`` is not supported or is not a key-agreement algorithm.
538
538
* ``private_key`` is not supported for use with ``alg``.
539
539
* The output key attributes, as a whole, are not supported, either by the implementation in general or in the specified storage location.
540
540
.. retval:: PSA_ERROR_BAD_STATE
@@ -550,8 +550,8 @@ An interruptible key agreement operation is used as follows:
550
550
.. retval:: PSA_ERROR_DATA_INVALID
551
551
.. retval:: PSA_ERROR_INSUFFICIENT_STORAGE
552
552
553
-
This function sets up an interruptible operation to perform a keyagreement.
554
-
A keyagreement algorithm takes two inputs: a private key ``private_key``, and a public key ``peer_key``.
553
+
This function sets up an interruptible operation to perform a key-agreement.
554
+
A key-agreement algorithm takes two inputs: a private key ``private_key``, and a public key ``peer_key``.
555
555
556
556
When the interruptible operation completes, the shared secret is output in a key. The key's location, policy, and type are taken from ``attributes``. The size of the key is always the bit-size of the shared secret, rounded up to a whole number of bytes.
557
557
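Review bot: In the added line 553, "to perform a key-agreement" uses the term as a noun, so the hyphen does not belong there. The hyphenated form is only wanted where the term modifies another noun, as in "A key-agreement algorithm" on line 554. Suggest "This function sets up an interruptible operation to perform a key agreement.", which matches "during a key agreement" near the top of this file.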
@@ -573,7 +573,7 @@ An interruptible key agreement operation is used as follows:
573
573
.. versionadded:: 1.x
574
574
575
575
.. param:: psa_key_agreement_iop_t * operation
576
-
The interruptible keyagreement operation to use.
576
+
The interruptible key-agreement operation to use.
577
577
The operation must be active.
578
578
.. param:: psa_key_id_t * key
579
579
On success, an identifier for the newly created key.
@@ -610,7 +610,7 @@ An interruptible key agreement operation is used as follows:
610
610
This key can be input to a key derivation operation using `psa_key_derivation_input_key()`.
611
611
612
612
.. warning::
613
-
The shared secret resulting from a keyagreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases. This makes it unsuitable for use as key material, for example, as an AES key. Instead, it is recommended that a key derivation algorithm is applied to the result, to derive unbiased cryptographic keys.
613
+
The shared secret resulting from a key-agreement algorithm such as finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases. This makes it unsuitable for use as key material, for example, as an AES key. Instead, it is recommended that a key derivation algorithm is applied to the result, to derive unbiased cryptographic keys.
614
614
615
615
If this function returns :code:`PSA_OPERATION_INCOMPLETE`, no key is returned, and this function must be called again to continue the operation.
616
616
If this function returns an error status, the operation enters an error state and must be aborted by calling `psa_key_agreement_iop_abort()`.
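Review bot: The added line 613 hyphenates "key-agreement algorithm" but still says "a key derivation algorithm is applied" later in the same warning, whereas the matching warning under standalone key agreement (line 232) reads "a key-derivation algorithm". Suggest hyphenating it here too so the two warnings stay word-for-word the same. The context line 610, "a key derivation operation", follows the same compound-modifier pattern and could be updated with it.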
@@ -620,12 +620,12 @@ An interruptible key agreement operation is used as follows:
620
620
.. function:: psa_key_agreement_iop_abort
621
621
622
622
.. summary::
623
-
Abort an interruptible keyagreement operation.
623
+
Abort an interruptible key-agreement operation.
624
624
625
625
.. versionadded:: 1.x
626
626
627
627
.. param:: psa_key_agreement_iop_t * operation
628
-
The interruptible keyagreement operation to abort.
628
+
The interruptible key-agreement operation to abort.