forked from ARM-software/psa-api
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathterms
188 lines (105 loc) · 5.54 KB
/
terms
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
.. SPDX-FileCopyrightText: Copyright 2020-2022 Arm Limited and/or its affiliates <[email protected]>
.. SPDX-License-Identifier: CC-BY-SA-4.0 AND LicenseRef-Patent-license
.. term:: Algorithm
A finite sequence of steps to perform a particular operation.
In this specification, an algorithm is a :term:`cipher` or a related function.
Other texts call this a cryptographic mechanism.
.. term:: Byte
In this specification, a unit of storage comprising eight bits, also called an octet.
.. term:: API
Application Programming Interface.
.. term:: Cipher
An algorithm used for encryption or decryption with a :term:`symmetric` key.
.. term:: Key agreement
An algorithm for two or more parties to establish a common secret key.
.. term:: Key identifier
A reference to a cryptographic key. Key identifiers in the |API| are 32-bit integers.
.. term:: Key type
Key metadata that describes the structure and content of a key.
.. term:: Key policy
Key metadata that describes and restricts what a key can be used for.
.. term:: Lifetime
Key metadata that describes when a key is destroyed.
.. scterm:: Implementation defined
Behavior that is not defined by the architecture, but is defined and documented by individual implementations.
.. scterm:: Specification defined
Behavior that is defined by this specification.
.. term:: Multi-part operation
An :term:`API` which splits a single cryptographic operation into a sequence of separate steps.
.. term:: Single-part function
An :term:`API` that implements the cryptographic operation in a single function call.
.. term:: Keystore
A hardware or software component that protects, stores, and manages cryptographic keys.
.. term:: Nonce
Used as an input for certain :term:`AEAD` algorithms.
Nonces must not be reused with the same key because this can break a cryptographic protocol.
.. term:: Authenticated Encryption with Associated Data
:abbr: AEAD
A type of encryption that
provides confidentiality and authenticity of data using :term:`symmetric` keys.
.. term:: Initialization vector
:abbr: IV
An additional input that is not part of the message. It is used to prevent an attacker from making any
correlation between cipher text and plain text.
This specification uses the term for such initial inputs
in all contexts. For example, the initial counter in CTR mode is called the IV.
.. term:: Cryptoprocessor
The component that performs cryptographic operations.
A cryptoprocessor might contain a :term:`keystore` and countermeasures against a range of physical and timing attacks.
.. term:: Hash
A cryptographic hash function, or the value returned by such a function.
.. term:: Message digest
A :term:`hash` of a message. Used to determine if a message has been tampered.
.. term:: Signature
The output of a digital signature scheme that uses an :term:`asymmetric` keypair. Used to establish who produced a message.
.. term:: Key size
The size of a key as defined by common conventions for each key type.
For keys that are built from several numbers of strings, this is the size of a particular one of these numbers or strings.
This specification expresses key sizes in bits.
.. term:: Key Derivation Function
:abbr: KDF
Key Derivation Function. An algorithm for deriving keys from secret material.
.. term:: PSA
Platform Security Architecture
.. term:: Message Authentication Code
:abbr: MAC
A short piece of information used to authenticate a message.
It is created and verified using a :term:`symmetric` key.
.. term:: HMAC
A type of :term:`MAC` that uses a cryptographic key with a :term:`hash` function.
.. term:: Non-extractable key
A key with a :term:`key policy` that prevents it from being read by ordinary means.
.. term:: Persistent key
A key that is stored in protected non-volatile memory.
See :secref:`key-lifetimes`.
.. term:: Salt
Used as an input for certain algorithms, such as key derivations.
.. term:: Symmetric
A type of cryptographic algorithm that uses a single key. A symmetric key can be used with
a block cipher or a stream cipher.
.. term:: Asymmetric
See :term:`Public-key cryptography`.
.. term:: Public-key cryptography
A type of cryptographic system that uses key pairs. A keypair consists of a (secret) private key
and a public key (not secret). A public key cryptographic algorithm can be used for key distribution
and for digital signatures.
.. term:: Volatile key
A key that has a short lifespan and is guaranteed not to exist after a restart of an application instance.
See :secref:`key-lifetimes`.
.. term:: No isolation
Property of an implementation in which there is no security boundary between the application and the
cryptoprocessor.
See :secref:`isolation`.
.. term:: Isolation
Property of an implementation in which there is a security boundary between the application and the
cryptoprocessor.
See :secref:`isolation`.
.. term:: Cryptoprocessor isolation
Property of an implementation in which there is a security boundary between the application and the
cryptoprocessor, but the cryptoprocessor does not communicate with other applications.
See :secref:`isolation`.
.. term:: Caller isolation
Property of an implementation in which there are multiple application instances, with a security
boundary between the application instances, as well as between the cryptoprocessor and the
application instances.
See :secref:`isolation`.