The documentation for psa_key_derivation_output_key(), states that this is not permitted if a PSA_KEY_DERIVATION_INPUT_SECRET step did not use psa_key_derivation_input_key() or psa_key_derivation_key_agreement(). This is both in the error condition table, and the description.
This constraint is also true for PSA_KEY_DERIVATION_INPUT_PASSWORD input steps - see the description of this step. However, this is not documented in the psa_key_derivation_output_key() function, with the PSA_KEY_DERIVATION_INPUT_SECRET constraint, only in the definition of PSA_KEY_DERIVATION_INPUT_PASSWORD.
This omitted constraint description is also missing from the psa_key_derivation_output_key_custom() API introduced in #194.
The documentation for
psa_key_derivation_output_key(), states that this is not permitted if aPSA_KEY_DERIVATION_INPUT_SECRETstep did not usepsa_key_derivation_input_key()orpsa_key_derivation_key_agreement(). This is both in the error condition table, and the description.This constraint is also true for
PSA_KEY_DERIVATION_INPUT_PASSWORDinput steps - see the description of this step. However, this is not documented in thepsa_key_derivation_output_key()function, with thePSA_KEY_DERIVATION_INPUT_SECRETconstraint, only in the definition ofPSA_KEY_DERIVATION_INPUT_PASSWORD.This omitted constraint description is also missing from the
psa_key_derivation_output_key_custom()API introduced in #194.