Macros  
#define  PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1)) 
Use the maximum possible capacity for a key derivation operation.
Typedefs  
typedef struct psa_key_derivation_s  psa_key_derivation_operation_t 
The type of the state data structure for key derivation operations.
Functions  
static psa_key_derivation_operation_t  psa_key_derivation_operation_init (void) 
Return an initial value for a key derivation operation object.
psa_status_t  psa_key_derivation_setup (psa_key_derivation_operation_t *operation, psa_algorithm_t alg) 
Set up a key derivation operation.
psa_status_t  psa_key_derivation_get_capacity (const psa_key_derivation_operation_t *operation, size_t *capacity) 
Retrieve the current capacity of a key derivation operation.
psa_status_t  psa_key_derivation_set_capacity (psa_key_derivation_operation_t *operation, size_t capacity) 
Set the maximum capacity of a key derivation operation.
psa_status_t  psa_key_derivation_input_bytes (psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length) 
Provide an input for key derivation or key agreement.
psa_status_t  psa_key_derivation_input_key (psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_handle_t handle) 
Provide an input for key derivation in the form of a key.
psa_status_t  psa_key_derivation_key_agreement (psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, size_t peer_key_length) 
Perform a key agreement and use the shared secret as input to a key derivation.
psa_status_t  psa_key_derivation_output_bytes (psa_key_derivation_operation_t *operation, uint8_t *output, size_t output_length) 
Read some data from a key derivation operation.
psa_status_t  psa_key_derivation_output_key (const psa_key_attributes_t *attributes, psa_key_derivation_operation_t *operation, psa_key_handle_t *handle) 
Derive a key from an ongoing key derivation operation.
psa_status_t  psa_key_derivation_abort (psa_key_derivation_operation_t *operation) 
Abort a key derivation operation.
psa_status_t  psa_raw_key_agreement (psa_algorithm_t alg, psa_key_handle_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, size_t output_size, size_t *output_length) 
Perform a key agreement and return the raw shared secret.
#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1)) 
Use the maximum possible capacity for a key derivation operation.
Use this value as the capacity argument when setting up a key derivation to indicate that the operation should have the maximum possible capacity. The value of the maximum possible capacity depends on the key derivation algorithm.
Definition at line 3235 of file TARGET_TFM/TARGET_TFM_V1_1/include/psa/crypto.h.
Definition at line 3237 of file TARGET_TFM/TARGET_TFM_V1_0/include/psa/crypto.h.
Definition at line 3247 of file TARGET_MBED_PSA_SRV/inc/psa/crypto.h.
typedef struct psa_key_derivation_s psa_key_derivation_operation_t 
The type of the state data structure for key derivation operations.
Before calling any function on a key derivation operation object, the application must initialize it by any of the following means:
This is an implementation-defined struct. Applications should not make any assumptions about the content of this structure except as directed by the documentation of a specific implementation.
Definition at line 3094 of file TARGET_TFM/TARGET_TFM_V1_1/include/psa/crypto.h.
Definition at line 3096 of file TARGET_TFM/TARGET_TFM_V1_0/include/psa/crypto.h.
Definition at line 3106 of file TARGET_MBED_PSA_SRV/inc/psa/crypto.h.
psa_status_t psa_key_derivation_abort  (  psa_key_derivation_operation_t *  operation  ) 
Abort a key derivation operation.
Aborting an operation frees all associated resources except for the operation
structure itself. Once aborted, the operation object can be reused for another operation by calling psa_key_derivation_setup() again.
This function may be called at any time after the operation object has been initialized as described in psa_key_derivation_operation_t.
In particular, it is valid to call psa_key_derivation_abort() twice, or to call psa_key_derivation_abort() on an operation that has not been set up.
[in,out]  operation  The operation to abort. 
PSA_SUCCESS  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 
psa_status_t psa_key_derivation_get_capacity  (  const psa_key_derivation_operation_t *  operation, 
size_t *  capacity  
) 
Retrieve the current capacity of a key derivation operation.
The capacity of a key derivation is the maximum number of bytes that it can return. When you get N bytes of output from a key derivation operation, this reduces its capacity by N.
[in]  operation  The operation to query. 
[out]  capacity  On success, the capacity of the operation. 
PSA_SUCCESS  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_BAD_STATE  The operation state is not valid (it must be active). 
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 
psa_status_t psa_key_derivation_input_bytes  (  psa_key_derivation_operation_t *  operation, 
psa_key_derivation_step_t  step,  
const uint8_t *  data,  
size_t  data_length  
) 
Provide an input for key derivation or key agreement.
Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.
This function passes direct inputs, which is usually correct for non-secret inputs. To pass a secret input, which should be in a key object, call psa_key_derivation_input_key() instead of this function. Refer to the documentation of individual step types (PSA_KEY_DERIVATION_INPUT_xxx values of type psa_key_derivation_step_t) for more information.
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_key_derivation_abort().
[in,out]  operation  The key derivation operation object to use. It must have been set up with psa_key_derivation_setup() and must not have produced any output yet. 
step  Which step the input data is for.  
[in]  data  Input data to use. 
data_length  Size of the data buffer in bytes. 
PSA_SUCCESS  Success. 
PSA_ERROR_INVALID_ARGUMENT  step is not compatible with the operation's algorithm. 
PSA_ERROR_INVALID_ARGUMENT  step does not allow direct inputs. 
PSA_ERROR_INSUFFICIENT_MEMORY  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_STORAGE_FAILURE  
PSA_ERROR_BAD_STATE  The operation state is not valid for this input step. 
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 
psa_status_t psa_key_derivation_input_key  (  psa_key_derivation_operation_t *  operation, 
psa_key_derivation_step_t  step,  
psa_key_handle_t  handle  
) 
Provide an input for key derivation in the form of a key.
Which inputs are required and in what order depends on the algorithm. Refer to the documentation of each key derivation or key agreement algorithm for information.
This function obtains input from a key object, which is usually correct for secret inputs or for non-secret personalization strings kept in the key store. To pass a non-secret parameter which is not in the key store, call psa_key_derivation_input_bytes() instead of this function. Refer to the documentation of individual step types (PSA_KEY_DERIVATION_INPUT_xxx values of type psa_key_derivation_step_t) for more information.
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_key_derivation_abort().
[in,out]  operation  The key derivation operation object to use. It must have been set up with psa_key_derivation_setup() and must not have produced any output yet. 
step  Which step the input data is for.  
handle  Handle to the key. It must have an appropriate type for step and must allow the usage PSA_KEY_USAGE_DERIVE. 
PSA_SUCCESS  Success. 
PSA_ERROR_INVALID_HANDLE  
PSA_ERROR_NOT_PERMITTED  
PSA_ERROR_INVALID_ARGUMENT  step is not compatible with the operation's algorithm. 
PSA_ERROR_INVALID_ARGUMENT  step does not allow key inputs of the given type or does not allow key inputs at all. 
PSA_ERROR_INSUFFICIENT_MEMORY  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_STORAGE_FAILURE  
PSA_ERROR_BAD_STATE  The operation state is not valid for this input step. 
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 
psa_status_t psa_key_derivation_key_agreement  (  psa_key_derivation_operation_t *  operation, 
psa_key_derivation_step_t  step,  
psa_key_handle_t  private_key,  
const uint8_t *  peer_key,  
size_t  peer_key_length  
) 
Perform a key agreement and use the shared secret as input to a key derivation.
A key agreement algorithm takes two inputs: a private key private_key and a public key peer_key. The result of this function is passed as input to a key derivation. The output of this key derivation can be extracted by reading from the resulting operation to produce keys and other cryptographic material.
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_key_derivation_abort().
[in,out]  operation  The key derivation operation object to use. It must have been set up with psa_key_derivation_setup() with a key agreement and derivation algorithm alg (PSA_ALG_XXX value such that PSA_ALG_IS_KEY_AGREEMENT(alg) is true and PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) is false). The operation must be ready for an input of the type given by step. 
step  Which step the input data is for.  
private_key  Handle to the private key to use.  
[in]  peer_key  Public key of the peer. The peer key must be in the same format that psa_import_key() accepts for the public key type corresponding to the type of private_key. That is, this function performs the equivalent of psa_import_key(..., peer_key, peer_key_length) with key attributes indicating the public key type corresponding to the type of private_key. For example, for EC keys, this means that peer_key is interpreted as a point on the curve that the private key is on. The standard formats for public keys are documented in the documentation of psa_export_public_key(). 
peer_key_length  Size of peer_key in bytes. 
PSA_SUCCESS  Success. 
PSA_ERROR_BAD_STATE  The operation state is not valid for this key agreement step. 
PSA_ERROR_INVALID_HANDLE  
PSA_ERROR_NOT_PERMITTED  
PSA_ERROR_INVALID_ARGUMENT  private_key is not compatible with alg, or peer_key is not valid for alg or not compatible with private_key. 
PSA_ERROR_NOT_SUPPORTED  alg is not supported or is not a key derivation algorithm. 
PSA_ERROR_INVALID_ARGUMENT  step does not allow an input resulting from a key agreement. 
PSA_ERROR_INSUFFICIENT_MEMORY  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_STORAGE_FAILURE  
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 

static psa_key_derivation_operation_t psa_key_derivation_operation_init  (  void  ) 
Return an initial value for a key derivation operation object.
psa_status_t psa_key_derivation_output_bytes  (  psa_key_derivation_operation_t *  operation, 
uint8_t *  output,  
size_t  output_length  
) 
Read some data from a key derivation operation.
This function calculates output bytes from a key derivation algorithm and returns those bytes. If you view the key derivation's output as a stream of bytes, this function destructively reads the requested number of bytes from the stream. The operation's capacity decreases by the number of bytes read.
If this function returns an error status other than PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error state and must be aborted by calling psa_key_derivation_abort().
[in,out]  operation  The key derivation operation object to read from. 
[out]  output  Buffer where the output will be written. 
output_length  Number of bytes to output. 
PSA_SUCCESS  
PSA_ERROR_INSUFFICIENT_DATA  The operation's capacity was less than output_length bytes. Note that in this case, no output is written to the output buffer. The operation's capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller output buffer. 
PSA_ERROR_BAD_STATE  The operation state is not valid (it must be active and completed all required input steps). 
PSA_ERROR_INSUFFICIENT_MEMORY  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_STORAGE_FAILURE  
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 
psa_status_t psa_key_derivation_output_key  (  const psa_key_attributes_t *  attributes, 
psa_key_derivation_operation_t *  operation,  
psa_key_handle_t *  handle  
) 
Derive a key from an ongoing key derivation operation.
This function calculates output bytes from a key derivation algorithm and uses those bytes to generate a key deterministically. The key's location, usage policy, type and size are taken from attributes.
If you view the key derivation's output as a stream of bytes, this function destructively reads as many bytes as required from the stream. The operation's capacity decreases by the number of bytes read.
If this function returns an error status other than PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error state and must be aborted by calling psa_key_derivation_abort().
How much output is produced and consumed from the operation, and how the key is derived, depends on the key type:
bits / 8) bytes from the operation. The following key types defined in this specification follow this scheme:
curve) where curve designates a Montgomery curve), this function always draws a byte string whose length is determined by the curve, and sets the mandatory bits accordingly. That is:
bits bits with constraints as to which bit sequences are acceptable, this function draws a byte string of length (bits / 8) bytes rounded up to the nearest whole number of bytes. If the resulting byte string is acceptable, it becomes the key, otherwise the drawn bytes are discarded. This process is repeated until an acceptable byte string is drawn. The byte string drawn from the operation is interpreted as specified for the output produced by psa_export_key(). The following key types defined in this specification follow this scheme:
group) where group designates any Diffie-Hellman group) and ECC keys on a Weierstrass elliptic curve (PSA_KEY_TYPE_ECC_KEY_PAIR(curve) where curve designates a Weierstrass curve). For these key types, interpret the byte string as an integer in big-endian order. Discard it if it is not in the range [0, N - 2] where N is the boundary of the private key domain (the prime p for Diffie-Hellman, the subprime q for DSA, or the order of the curve's base point for ECC). Add 1 to the resulting integer and use this as the private key x. This method allows compliance with NIST standards, specifically the methods titled "key-pair generation by testing candidates" in NIST SP 800-56A §5.6.1.1.4 for Diffie-Hellman, in FIPS 186-4 §B.1.2 for DSA, and in NIST SP 800-56A §5.6.1.2.2 or FIPS 186-4 §B.4.2 for elliptic curve keys.
In all cases, the data that is read is discarded from the operation. The operation's capacity is decreased by the number of bytes read.
For algorithms that take an input step PSA_KEY_DERIVATION_INPUT_SECRET, the input to that step must be provided with psa_key_derivation_input_key(). Future versions of this specification may include additional restrictions on the derived key based on the attributes and strength of the secret key.
[in]  attributes  The attributes for the new key. 
[in,out]  operation  The key derivation operation object to read from. 
[out]  handle  On success, a handle to the newly created key. 0 on failure. 
PSA_SUCCESS  Success. If the key is persistent, the key material and the key's metadata have been saved to persistent storage. 
PSA_ERROR_ALREADY_EXISTS  This is an attempt to create a persistent key, and there is already a persistent key with the given identifier. 
PSA_ERROR_INSUFFICIENT_DATA  There was not enough data to create the desired key. Note that in this case, no output is written to the output buffer. The operation's capacity is set to 0, thus subsequent calls to this function will not succeed, even with a smaller output buffer. 
PSA_ERROR_NOT_SUPPORTED  The key type or key size is not supported, either by the implementation in general or in this particular location. 
PSA_ERROR_INVALID_ARGUMENT  The provided key attributes are not valid for the operation. 
PSA_ERROR_NOT_PERMITTED  The PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through a key. 
PSA_ERROR_BAD_STATE  The operation state is not valid (it must be active and completed all required input steps). 
PSA_ERROR_INSUFFICIENT_MEMORY  
PSA_ERROR_INSUFFICIENT_STORAGE  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_STORAGE_FAILURE  
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 
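The candidate-testing rule that psa_key_derivation_output_key() is described as applying to Diffie-Hellman and Weierstrass ECC private keys, together with the capacity accounting, written out as an added example (it is not code from the PSA implementation or from this header). The `demo_kdf_t` type, the `demo_*` functions, the toy 16-bit boundary N and the byte stream are constructed for illustration, and the model works on whole bytes only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DEMO_OK = 0, DEMO_INSUFFICIENT_DATA = -1, DEMO_INVALID_ARGUMENT = -2 };
#define DEMO_MAX_LEN 66 /* bytes; enough for a 521-bit boundary */

/* Hypothetical stand-in for a key derivation operation: a constructed byte
 * stream plus the remaining capacity. A real operation computes the stream. */
typedef struct { const uint8_t *stream; size_t pos; size_t capacity; } demo_kdf_t;

/* Destructive read. On shortage nothing is written and capacity becomes 0. */
static int demo_output_bytes(demo_kdf_t *op, uint8_t *out, size_t len)
{
    if (len > op->capacity) {
        op->capacity = 0;
        return DEMO_INSUFFICIENT_DATA;
    }
    memcpy(out, op->stream + op->pos, len);
    op->pos += len;
    op->capacity -= len;
    return DEMO_OK;
}

/* Subtract v (< 256) from a big-endian integer; returns 1 on underflow. */
static int be_sub_small(uint8_t *x, size_t len, unsigned v)
{
    for (size_t i = len; i-- > 0 && v != 0; ) {
        unsigned d = x[i];
        x[i] = (uint8_t)(d - v);      /* wraps modulo 256 when d < v */
        v = (d < v) ? 1u : 0u;        /* borrow into the next byte */
    }
    return v != 0;
}

/* Add 1 to a big-endian integer (the caller guarantees no overflow). */
static void be_inc(uint8_t *x, size_t len)
{
    for (size_t i = len; i-- > 0 && ++x[i] == 0; ) { }
}

/* Zero a buffer through a volatile pointer so the stores are not elided. */
static void wipe(uint8_t *p, size_t len)
{
    volatile uint8_t *v = p;
    while (len--) *v++ = 0;
}

/* Draw len-byte candidates until one is in [0, N - 2], then x = candidate + 1.
 * Rejected candidates are discarded but still consume capacity. */
static int demo_derive_private_key(demo_kdf_t *op, const uint8_t *n, size_t len,
                                   uint8_t *x, unsigned *draws)
{
    uint8_t limit[DEMO_MAX_LEN], cand[DEMO_MAX_LEN];
    int rc = DEMO_INVALID_ARGUMENT;
    *draws = 0;
    if (len == 0 || len > DEMO_MAX_LEN) return rc;
    memcpy(limit, n, len);
    if (be_sub_small(limit, len, 2)) return rc;      /* N < 2: empty range */
    do {
        rc = demo_output_bytes(op, cand, len);
        if (rc != DEMO_OK) goto done;                /* x is left untouched */
        (*draws)++;
    } while (memcmp(cand, limit, len) > 0);          /* big-endian compare */
    be_inc(cand, len);                               /* 1 <= x <= N - 1 */
    memcpy(x, cand, len);
done:
    wipe(cand, sizeof cand);
    return rc;
}

/* Constructed sample: toy 16-bit boundary N = 0xFFF1 and an 8-byte stream. */
static int demo_run(uint8_t x[2], unsigned *draws, size_t *capacity_left)
{
    static const uint8_t stream[8] = { 0xFF, 0xFF, 0xFF, 0xF0, 0x12, 0x34, 0xAB, 0xCD };
    static const uint8_t n[2] = { 0xFF, 0xF1 };
    demo_kdf_t op = { stream, 0, sizeof stream };
    int rc = demo_derive_private_key(&op, n, sizeof n, x, draws);
    *capacity_left = op.capacity;
    return rc;
}

int main(void)
{
    uint8_t x[2]; unsigned draws; size_t left;
    if (demo_run(x, &draws, &left) != DEMO_OK) return 1;
    return printf("x=0x%02X%02X draws=%u left=%zu\n", x[0], x[1], draws, left) < 0;
}
```

Because rejected candidates still reduce the capacity, a capacity set to exactly one key's length can end in an insufficient-data result for these key types.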
psa_status_t psa_key_derivation_set_capacity  (  psa_key_derivation_operation_t *  operation, 
size_t  capacity  
) 
Set the maximum capacity of a key derivation operation.
The capacity of a key derivation operation is the maximum number of bytes that the key derivation operation can return from this point onwards.
[in,out]  operation  The key derivation operation object to modify. 
capacity  The new capacity of the operation. It must be less than or equal to the operation's current capacity. 
PSA_SUCCESS  
PSA_ERROR_INVALID_ARGUMENT  capacity is larger than the operation's current capacity. In this case, the operation object remains valid and its capacity remains unchanged. 
PSA_ERROR_BAD_STATE  The operation state is not valid (it must be active). 
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 
psa_status_t psa_key_derivation_setup  (  psa_key_derivation_operation_t *  operation, 
psa_algorithm_t  alg  
) 
Set up a key derivation operation.
A key derivation algorithm takes some inputs and uses them to generate a byte stream in a deterministic way. This byte stream can be used to produce keys and other cryptographic material.
To derive a key:
If this function returns an error, the key derivation operation object is not changed.
If an error occurs at any step after a call to psa_key_derivation_setup(), the operation will need to be reset by a call to psa_key_derivation_abort().
Implementations must reject an attempt to derive a key of size 0.
[in,out]  operation  The key derivation operation object to set up. It must have been initialized but not set up yet. 
alg  The key derivation algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_KEY_DERIVATION(alg) is true). 
PSA_SUCCESS  Success. 
PSA_ERROR_INVALID_ARGUMENT  alg is not a key derivation algorithm. 
PSA_ERROR_NOT_SUPPORTED  alg is not supported or is not a key derivation algorithm. 
PSA_ERROR_INSUFFICIENT_MEMORY  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_STORAGE_FAILURE  
PSA_ERROR_BAD_STATE  The operation state is not valid (it must be inactive). 
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 
psa_status_t psa_raw_key_agreement  (  psa_algorithm_t  alg, 
psa_key_handle_t  private_key,  
const uint8_t *  peer_key,  
size_t  peer_key_length,  
uint8_t *  output,  
size_t  output_size,  
size_t *  output_length  
) 
Perform a key agreement and return the raw shared secret.
alg  The key agreement algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) is true).  
private_key  Handle to the private key to use.  
[in]  peer_key  Public key of the peer. It must be in the same format that psa_import_key() accepts. The standard formats for public keys are documented in the documentation of psa_export_public_key(). 
peer_key_length  Size of peer_key in bytes.  
[out]  output  Buffer where the decrypted message is to be written. 
output_size  Size of the output buffer in bytes.  
[out]  output_length  On success, the number of bytes that make up the returned output. 
PSA_SUCCESS  Success. 
PSA_ERROR_INVALID_HANDLE  
PSA_ERROR_NOT_PERMITTED  
PSA_ERROR_INVALID_ARGUMENT  alg is not a key agreement algorithm. 
PSA_ERROR_INVALID_ARGUMENT  private_key is not compatible with alg, or peer_key is not valid for alg or not compatible with private_key. 
PSA_ERROR_BUFFER_TOO_SMALL  output_size is too small. 
PSA_ERROR_NOT_SUPPORTED  alg is not a supported key agreement algorithm. 
PSA_ERROR_INSUFFICIENT_MEMORY  
PSA_ERROR_COMMUNICATION_FAILURE  
PSA_ERROR_HARDWARE_FAILURE  
PSA_ERROR_CORRUPTION_DETECTED  
PSA_ERROR_STORAGE_FAILURE  
PSA_ERROR_BAD_STATE  The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. 