From 3f547e46e0cf0c1b6d9b89aeb505b8dec16eb5e0 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 30 Jan 2024 21:27:17 +0100
Subject: [PATCH] Key derivation: nothing to do

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 docs/architecture/psa-migration/psa-legacy-bridges.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md
index cfa811a824..28fad00268 100644
--- a/docs/architecture/psa-migration/psa-legacy-bridges.md
+++ b/docs/architecture/psa-migration/psa-legacy-bridges.md
@@ -109,7 +109,7 @@ MAC do not have any nontrivial format for keys or outputs, so there is no need f
 
 ### Key derivation gap analysis
 
-[TODO]
+The legacy API does not have a unified interface for key derivation. It has an HKDF interface, an interface for PBKDF2 (`mbedtls_pkcs5_pbkdf2_hmac`), and an interface for the long-deprecated PKCS#12 password-based key derivation (`mbedtls_pkcs12_derivation`). Thus there is no interface gap to fill, apart from hash mechanism identification which is covered under [hash analysis](#hash-gap-analysis).
 
 ### Random generation gap analysis
 
@@ -230,7 +230,7 @@ Based on the [gap analysis](#mac-gap-analysis): nothing to do.
 
 ### Key derivation APIs
 
-[TODO]
+Based on the [gap analysis](#key-derivation-gap-analysis): nothing to do.
 
 ### Random generation APIs