Improve readability of key format and derivation

* Add some boilerplate to provide context for the sub-section contents
* Improve linkage between key pair and public key formats

Author: athoelke

doc/crypto/api/keys/types.rst

@@ -117,11 +117,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_HMAC
     :definition: ((psa_key_type_t)0x1100)
@@ -157,11 +157,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_DERIVE
     :definition: ((psa_key_type_t)0x1200)
@@ -191,11 +191,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_PASSWORD
     :definition: ((psa_key_type_t)0x1203)
@@ -225,11 +225,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_PASSWORD_HASH
     :definition: ((psa_key_type_t)0x1205)
@@ -250,11 +250,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_PEPPER
     :definition: ((psa_key_type_t)0x1206)
@@ -275,11 +275,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_AES
     :definition: ((psa_key_type_t)0x2400)
@@ -320,11 +320,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_ARIA
     :definition: ((psa_key_type_t)0x2406)
@@ -365,11 +365,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_DES
     :definition: ((psa_key_type_t)0x2301)
@@ -406,19 +406,19 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
         The parity bits in each 64-bit DES key element must be correct.
 
     .. subsection:: Key derivation
 
-        To derive a single 64-bit DES key, use the following process:
+        A call to `psa_key_derivation_output_key()` will construct a single 64-bit DES key using the following process:
 
         1.  Draw an 8-byte string.
         #.  Set/clear the parity bits in each byte.
         #.  If the result is a forbidden weak key, discard the result and return to step 1.
         #.  Output the string.
 
-        For 2-key 3DES and 3-key 3DES, repeat this process to derive the 2nd and 3rd keys, as required.
+        For 2-key 3DES and 3-key 3DES, this process is repeated to derive the 2nd and 3rd keys, as required.
 
 .. macro:: PSA_KEY_TYPE_CAMELLIA
     :definition: ((psa_key_type_t)0x2403)
@@ -459,11 +459,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_SM4
     :definition: ((psa_key_type_t)0x2405)
@@ -496,11 +496,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_ARC4
     :definition: ((psa_key_type_t)0x2002)
@@ -523,11 +523,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
+        A call to `psa_key_derivation_output_key()` will draw :math:`m/8` bytes of output and use these as the key data, where :math:`m` is the bit-size of the key.
 
 .. macro:: PSA_KEY_TYPE_CHACHA20
     :definition: ((psa_key_type_t)0x2004)
@@ -550,11 +550,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw 32 bytes of output and use these as the key data.
+        A call to `psa_key_derivation_output_key()` will draw 32 bytes of output and use these as the key data.
 
 .. macro:: PSA_KEY_TYPE_XCHACHA20
     :definition: ((psa_key_type_t)0x2007)
@@ -577,11 +577,11 @@ Symmetric keys
 
     .. subsection:: Key format
 
-        The key data is the raw bytes of the key.
+        The data format for import and export of the key is the raw bytes of the key.
 
     .. subsection:: Key derivation
 
-        Draw 32 bytes of output and use these as the key data.
+        A call to `psa_key_derivation_output_key()` will draw 32 bytes of output and use these as the key data.
 
 .. _asymmetric-keys:
 
@@ -621,7 +621,7 @@ RSA keys
 
     .. subsection:: Key format
 
-        The key data is the non-encrypted DER encoding of the representation defined by in :RFC-title:`8017` as ``RSAPrivateKey``, version ``0``.
+        The data format for import and export of a key-pair is the non-encrypted DER encoding of the representation defined by in :RFC-title:`8017` as ``RSAPrivateKey``, version ``0``.
 
         .. code-block:: none
 
@@ -641,9 +641,11 @@ RSA keys
 
             Although it is possible to define an RSA key pair or private key using a subset of these elements, the output from `psa_export_key()` for an RSA key pair must include all of these elements.
 
+        See `PSA_KEY_TYPE_RSA_PUBLIC_KEY` for the data format used when exporting the public key with `psa_export_public_key()`.
+
     .. subsection:: Key derivation
 
-        The key derivation method for RSA keys is :term:`implementation defined`.
+        The method used by `psa_key_derivation_output_key()` to derive an RSA key-pair is :term:`implementation defined`.
 
 .. macro:: PSA_KEY_TYPE_RSA_PUBLIC_KEY
     :definition: ((psa_key_type_t)0x4001)
@@ -667,7 +669,7 @@ RSA keys
 
     .. subsection:: Key format
 
-        The key data is the DER encoding of the representation defined by :RFC-title:`3279#2.3.1` as ``RSAPublicKey``.
+        The data format for import and export of a public key is the DER encoding of the representation defined by :RFC-title:`3279#2.3.1` as ``RSAPublicKey``.
 
         .. code-block:: none
 
@@ -793,9 +795,10 @@ The curve type affects the key format, the key derivation procedure, and the alg
 
     .. subsection:: Key format
 
+        The data format for import and export of the key-pair depends on the type of elliptic curve.
         :numref:`tab-ecc-key-pair-format` shows the format for each type of elliptic curve key-pair.
-        This is the format used for `psa_import_key()` and `psa_export_key()`.
-        See `PSA_KEY_TYPE_ECC_PUBLIC_KEY()` for the format used for `psa_export_public_key()`.
+
+        See `PSA_KEY_TYPE_ECC_PUBLIC_KEY` for the data format used when exporting the public key with `psa_export_public_key()`.
 
         .. list-table:: Key-pair formats for elliptic curve keys
             :name: tab-ecc-key-pair-format
@@ -824,6 +827,7 @@ The curve type affects the key format, the key derivation procedure, and the alg
 
     .. subsection:: Key derivation
 
+        The key derivation method used when calling `psa_key_derivation_output_key()` depends on the type of elliptic curve.
         :numref:`tab-ecc-key-derivation` shows the derivation method for each type of elliptic curve key.
 
         .. list-table:: Key derivation for elliptic curve keys
@@ -909,6 +913,7 @@ The curve type affects the key format, the key derivation procedure, and the alg
 
     .. subsection:: Key format
 
+        The data format for import and export of the public key depends on the type of elliptic curve.
         :numref:`tab-ecc-public-key-format` shows the format for each type of elliptic curve public key.
 
         .. list-table:: Public key formats for elliptic curve keys
@@ -1175,14 +1180,18 @@ Diffie Hellman keys
 
     .. subsection:: Key format
 
-        The key data is the representation of the private key :math:`x` as a big-endian byte string.
+        The data format for import and export of the key-pair is the representation of the private key :math:`x` as a big-endian byte string.
         The length of the byte string is the private key size in bytes, and leading zeroes are not stripped.
 
+        See `PSA_KEY_TYPE_DH_PUBLIC_KEY` for the data format used when exporting the public key with `psa_export_public_key()`.
+
     .. subsection:: Key derivation
 
-        A Diffie-Hellman private key is :math:`x \in [1, p - 1]`, where :math:`p` is the group's prime modulus.
+        A call to `psa_key_derivation_output_key()` will use the following process, defined in *Key-Pair Generation by Testing Candidates* in :cite-title:`SP800-56A` §5.6.1.1.4.
 
+        A Diffie-Hellman private key is :math:`x \in [1, p - 1]`, where :math:`p` is the group's prime modulus.
         Let :math:`m` be the bit size of :math:`p`, such that :math:`2^{m-1} \leq p < 2^m`.
+
         This function generates the private key using the following process:
 
         1.  Draw a byte string of length :math:`\lceil{m/8}\rceil` bytes.
@@ -1191,8 +1200,6 @@ Diffie Hellman keys
         #.  If :math:`k > p-2`, discard the result and return to step 1.
         #.  Output :math:`x = k + 1` as the private key.
 
-        This method allows compliance to NIST standards, specifically the methods titled *Key-Pair Generation by Testing Candidates* in :cite-title:`SP800-56A` §5.6.1.1.4.
-
 .. macro:: PSA_KEY_TYPE_DH_PUBLIC_KEY
     :definition: /* specification-defined value */
 
@@ -1204,11 +1211,12 @@ Diffie Hellman keys
 
     .. subsection:: Compatible algorithms
 
-        None. Finite-field Diffie-Hellman public keys are exported to use in a key agreement algorithm, and the peer key is provided to the `PSA_ALG_FFDH` key agreement algorithm as a buffer of key data.
+        None: Finite-field Diffie-Hellman public keys are exported to use in a key agreement algorithm, and the peer key is provided to the `PSA_ALG_FFDH` key agreement algorithm as a buffer of key data.
 
     .. subsection:: Key format
 
-        The key data is the representation of the public key :math:`y = g^x\!\mod p` as a big-endian byte string. The length of the byte string is the length of the base prime :math:`p` in bytes.
+        The data format for export of the public key is the representation of the public key :math:`y = g^x\!\mod p` as a big-endian byte string.
+        The length of the byte string is the length of the base prime :math:`p` in bytes.
 
 .. macro:: PSA_DH_FAMILY_RFC7919
     :definition: ((psa_dh_family_t) 0x03)
@@ -1326,22 +1334,22 @@ SPAKE2+ keys
 
     .. subsection:: Key format
 
-        A SPAKE2+ key pair can be exported and imported.
-
-        The key consists of the two values :math:`w0` and :math:`w1`, which result from the SPAKE2+ registration phase, see :secref:`spake2p-registration`.
+        A SPAKE2+ key-pair consists of the two values :math:`w0` and :math:`w1`, which result from the SPAKE2+ registration phase, see :secref:`spake2p-registration`.
         :math:`w0` and :math:`w1` are scalars in the same range as an elliptic curve private key from the group used as the SPAKE2+ primitive group.
 
-        For the |API|, the default format for a SPAKE2+ key pair is the concatenation of the formatted values for :math:`w0` and :math:`w1`, using the standard formats for elliptic curve keys used by the |API|.
+        The data format for import and export of the key-pair is the concatenation of the formatted values for :math:`w0` and :math:`w1`, using the standard formats for elliptic curve keys used by the |API|.
         For example, for SPAKE2+ over P-256 (secp256r1), the output from :code:`psa_export_key()` would be the concatenation of:
 
         *   The P-256 private key :math:`w0`.
             This is a 32-byte big-endian encoding of the integer :math:`w0`.
         *   The P-256 private key :math:`w1`.
             This is a 32-byte big-endian encoding of the integer :math:`w1`.
 
+        See `PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY` for the data format used when exporting the public key with `psa_export_public_key()`.
+
     .. subsection:: Key derivation
 
-        The SPAKE2+ key derivation process follows the recommendations for the registration process in :rfc-title:`9383`, and matches the specification of this process in :cite-title:`MATTER`.
+        A call to `psa_key_derivation_output_key()` will use the following process, which follows the recommendations for the registration process in :rfc-title:`9383`, and matches the specification of this process in :cite-title:`MATTER`.
 
         The derivation of SPAKE2+ keys extracts :math:`\lceil{log_2(p)/8}\rceil+8` bytes from the PBKDF for each of :math:`w0s` and :math:`w1s`, where :math:`p` is the prime factor of the order of the elliptic curve group.
         The following sizes are used for extracting :math:`w0s` and :math:`w1s`, depending on the elliptic curve:
@@ -1384,13 +1392,11 @@ SPAKE2+ keys
 
     .. subsection:: Key format
 
-        A SPAKE2+ public key can be exported and imported, to enable use cases that require offline registration.
-
-        The public key consists of the two values :math:`w0` and :math:`L`, which result from the SPAKE2+ registration phase, see :secref:`spake2p-registration`.
+        A SPAKE2+ public key consists of the two values :math:`w0` and :math:`L`, which result from the SPAKE2+ registration phase, see :secref:`spake2p-registration`.
         :math:`w0` is a scalar in the same range as a elliptic curve private key from the group used as the SPAKE2+ primitive group.
         :math:`L` is a point on the curve, similar to a public key from the same group, corresponding to the :math:`w1` value in the key pair.
 
-        For the |API|, the default format for a SPAKE2+ public key is the concatenation of the formatted values for :math:`w0` and :math:`L`, using the standard formats for elliptic curve keys used by the |API|.
+        The data format for import and export of the public key is the concatenation of the formatted values for :math:`w0` and :math:`L`, using the standard formats for elliptic curve keys used by the |API|.
         For example, for SPAKE2+ over P-256 (secp256r1), the output from :code:`psa_export_public_key()` would be the concatenation of:
 
         *   The P-256 private key :math:`w0`.