On z/OS, when any CSSM_CSP_CreateDeriveKeyContext operation is invoked, a copy of the context is created. The pointer to the copy is returned on all CSSM_GetContext calls.

This function creates a cryptographic context to derive either a symmetric key or an asymmetric key, and returns a handle to the context. The cryptographic context handle can be used for calling the cryptographic derive key function.

CSSM_CC_HANDLE CSSMAPI CSSM_CSP_CreateDeriveKeyContext
                  (CSSM_CSP_HANDLE CSPHandle,
                  uint32 AlgorithmID,
                  CSSM_KEY_TYPE DeriveKeyType,
                  uint32 DeriveKeyLength,
                  uint32 IterationCount,
                  const CSSM_DATA_PTR Salt,
                  const CSSM_CRYPTO_DATA_PTR Seed,
                  const CSSM_CRYPTO_DATA_PTR PassPhrase)

Input

CSPHandle

The handle that describes the CSP module used to perform this function. If a NULL handle is specified, OCSF returns an error.

AlgorithmID

The algorithm identification number for a derived key algorithm.

DeriveKeyType

The type of key to derive.

DeriveKeyLength

The length of key to derive.

Input/optional

IterationCount

The number of iterations to be performed during the derivation process. Used heavily by password-based derivation methods.

Salt

A salt used to generate the key.

Seed

A seed used to generate a random number. The caller can both pass a seed and seed length in bytes or pass in a callback function. If NULL is passed, the CSP will use its default seed handling mechanism.

PassPhrase

The passphrase is required to unlock the private key. The passphrase structure accepts an immediate value for the passphrase or the caller can specify a callback function the CSP can use to obtain the passphrase. The passphrase is needed only for signature operations, not verify operations.

Returns a cryptographic context handle. If the handle is NULL, an error has occurred. Use CSSM_GetError to obtain the error code.

CSSM_DeriveKey